You are on page 1of 104

Installation Guide

McAfee Vulnerability Manager 7.5

COPYRIGHT
Copyright 2012 McAfee, Inc. Do not copy without permission.

TRADEMARKS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,
McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,
McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,
TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States
and other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR
A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS
SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.

Issued 6/15/2012 12:51 / McAfee Vulnerability Manager Installation Guide

Contents
Introducing McAfee Vulnerability Manager ..................................................... 6

Installation checklist .......................................................................................................... 6


Components and what they do ............................................................................................ 7
Audience .......................................................................................................................... 8
Find product documentation ............................................................................................... 8

System Requirements and Architectures ........................................................ 9

Number of servers required ................................................................................................ 9


Hardware and software requirements................................................................................. 11
Single server requirements......................................................................................... 11
Multiple server requirements ...................................................................................... 12
Microsoft Windows Server 2003 support....................................................................... 16
Browser requirements ...................................................................................................... 16
Disable Enhanced Security Configuration...................................................................... 17
Network requirements...................................................................................................... 17
Deployment architectures ................................................................................................. 21
Dual-server architecture ............................................................................................ 21
Three-server architecture ........................................................................................... 22
More than three servers ............................................................................................. 23

Installing on a Single Server ........................................................................ 24

Audience ........................................................................................................................ 24
Process overview ............................................................................................................. 24
McAfee Vulnerability Manager architecture .......................................................................... 24
How the pieces fit together ............................................................................................... 25
Installing and configuring McAfee Vulnerability Manager on a single server ............................. 25
Creating your first vulnerability scan and report .................................................................. 28
Post-installation activities ................................................................................................. 30

Installing on Multiple Servers ....................................................................... 31

Before you install McAfee Vulnerability Manager .................................................................. 31


McAfee Vulnerability Manager 7.5 components.............................................................. 31
System component preparation ......................................................................................... 32
Preparing the database server .................................................................................... 32
Preparing the scan engine server ................................................................................ 34
Preparing the web server ........................................................................................... 35
McAfee Vulnerability Manager 7.5 installation...................................................................... 35
Installing using a recommended installation type .......................................................... 36
Adding an extra scan engine ....................................................................................... 38
Installing using the custom installation type ................................................................. 39
Installation setting descriptions ................................................................................... 43
Login information ...................................................................................................... 45
Hiding a Microsoft SQL Server 2005 instance ................................................................ 45
Hiding a Microsoft SQL Server 2008 instance ................................................................ 46
Changing the SQL instance name ................................................................................ 47

Uninstalling McAfee Vulnerability Manager ................................................... 49

Uninstalling a previous version of McAfee Vulnerability Manager ............................................ 49


Do NOT remove registry keys ........................................................................................... 50

Configuring Your Servers .............................................................................. 51


McAfee Vulnerability Manager Update ................................................................................ 51
Setting up McAfee Vulnerability Manager Update ........................................................... 53
Adding proxy information for connecting to the update server ........................................ 54

McAfee Vulnerability Manager 7.5 Installation Guide

iii

Contents

Running McAfee Vulnerability Manager Update as a service ............................................ 54


Troubleshooting the McAfee Vulnerability Manager Update service................................... 55
Register McAfee Vulnerability Manager 7.5 ......................................................................... 56
Sending a registration request to McAfee ..................................................................... 56
Activate McAfee Vulnerability Manager 7.5 ................................................................... 57
Enable notifications.......................................................................................................... 57
Enabling SNMP notifications ........................................................................................ 57
Enabling email notifications ........................................................................................ 59
Hardening your servers .................................................................................................... 61
Update your servers with the latest patches ................................................................. 61
Setting up SSL .......................................................................................................... 61
Add the enterprise manager trust site certificate ................................................................. 61
Check the server_name in the CONFIG.INI file.............................................................. 62
Installing the McAfee Vulnerability Manager Trust Site Certificate .................................... 62

Upgrading to McAfee Vulnerability Manager 7.5 ........................................... 63

Back up the SQL server database using SQL Server Management Studio ................................ 65
Backing up the Windows registry ....................................................................................... 66
Upgrading Microsoft SQL Server 2000 ................................................................................ 67
Microsoft SQL server 2005 installation settings.................................................................... 68
Changing the Microsoft SQL memory settings ..................................................................... 69
Microsoft SQL server 2008 and 2008 R2 installation features ................................................ 69
Restoring the Windows registry ......................................................................................... 70
Restoring the McAfee Vulnerability Manager database .......................................................... 70
Upgrading from a previous version .................................................................................... 72
Merging the config.ini and php.ini files ......................................................................... 74
Starting and stopping the SQL server database ............................................................. 74
Rerunning scans ....................................................................................................... 75
Microsoft Windows Server 2003 upgrade support ................................................................ 75
Upgrading appliances ....................................................................................................... 75

Troubleshooting and Tips ............................................................................. 76

Finding the NetBIOS name ............................................................................................... 76


Creating strong passwords ............................................................................................... 76
Application Layer Gateway Message ................................................................................... 76
Performance issues when running a large number of reports ................................................ 77
SQL settings ................................................................................................................... 77
Changing the database authentication settings ............................................................. 77
Optimize dynamic memory settings ............................................................................. 78
Setting the SA password in SQL .................................................................................. 78
Changing the TCP/IP protocol ..................................................................................... 79
Optional enterprise manager settings ................................................................................. 80
Using McAfee VirusScan Enterprise 8.0i and later .......................................................... 80
Setting up a logon message ....................................................................................... 81
Allowing root organization administrators to switch to global administrator....................... 82
Setting up the CONFIG.INI and PHP.INI files ................................................................ 83
Disabling SSL.................................................................................................................. 96
Turning off SSL in configuration manager ..................................................................... 97
Restarting the API server ........................................................................................... 97
Modifying the CONFIG.INI file on the enterprise manager............................................... 97
Turning off SSL on the enterprise manager .................................................................. 98
Why does my Foundstone Configuration Agent system tray icon have an exclamation mark ..... 98
Installation error when FIPS is enabled .............................................................................. 99

Appendix .................................................................................................... 100

Microsoft SQL Server 2005 Express Settings ......................................................................100


Microsoft SQL Server 2005 Express installation settings ................................................100
Internet access ........................................................................................................101
Microsoft SQL Server 2008 R2 Express settings ..................................................................102
Disabling Admin Approval Mode (Windows 2008 R2) ...........................................................102
Move the database .........................................................................................................102
Move the enterprise manager ..........................................................................................103

McAfee Vulnerability Manager 7.5 Installation Guide

iv

Contents

Changing the Foundstone Configuration Agent Settings .......................................................103


Using the United States Federal Information Processing Standard ........................................103

McAfee Vulnerability Manager 7.5 Installation Guide

Introducing McAfee Vulnerability


Manager
McAfee Vulnerability Manager is an agentless network scanner that helps you identify and protect the
assets (systems) on your network. This allows managers to monitor and respond to changing risks in
their environment.
This installation guide contains system requirements and suggestions on how many servers to deploy
based on the size of your network. This guide also contains the concepts and tasks for installing the
product, what to do after installation, and upgrading from a previous version.
Note: The Foundstone product is now known as McAfee Vulnerability Manager. For this release,
some portions of the product retain the Foundstone label.

Installation checklist
These are the basic steps for preparing your network and installing McAfee Vulnerability Manager 7.5.
Each step is explained in further detail later in this guide.

Installing on a single server


For users who want to install McAfee Vulnerability Manager on a single server. This section describes
installing McAfee Vulnerability Manager, running your first scan, and reviewing the report. See
Installing on a single server (page 24).

Upgrade instructions
For users who are upgrading from a previous version of the product, follow the instructions in
Upgrading to McAfee Vulnerability Manager 7.5 (on page 63).

Custom installation
For users who want to install McAfee Vulnerability Manager on a more than one server. This
installation process requires some planning and configuration for proper installation.

Step 1: Pre-installation planning

Scope out the size and shape of your network. Take special note of geographic challenges and
firewalls.
Determine which deployment architecture to use, based on the size and accessibility of the
network. If a scan engine needs to access the entire network, are there any barriers?
Using the system requirements guidelines for your chosen architecture, acquire systems and
software to host the McAfee Vulnerability Manager servers.

For details about pre-installation planning, see Before you install McAfee Vulnerability Manager (on page
31).
Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in
the host name.

McAfee Vulnerability Manager 7.5 Installation Guide

Introducing McAfee Vulnerability Manager


Components and what they do

Step 2: System component preparation

Install Microsoft SQL Server (see "Preparing the database server" on page 32) and its latest
service pack on the database server. Make sure that it is fully functional, and that the system
administrator (SA) password is available.
On the web server, install Microsoft IIS Web Server (see "Preparing the web server" on page 35)
and its latest security patches.

For details about preparing your servers, see System component preparation (on page 32).

Step 3: Install McAfee Vulnerability Manager 7.5

Run the McAfee Vulnerability Manager 7.5 installation program on each server.

For more information, see How to install McAfee Vulnerability Manager 7.5 (see "McAfee Vulnerability
Manager 7.5 installation" on page 35).

Post installation tasks

On one scan engine, run the McAfee Vulnerability Manager 7.5 update program (see "McAfee
Vulnerability Manager Update" on page 51) to get the latest vulnerability updates. This updates
the database and any other scan engines connected to it.
Register McAfee Vulnerability Manager 7.5 to activate it (see "Register McAfee Vulnerability
Manager 7.5" on page 56). You have 60 days to use McAfee Vulnerability Manager 7.5 before the
product ceases to function.
Harden your servers (see "Hardening your servers" on page 61) to comply with your organization
security policies.
Maintain your database with regular backups and updated statistics to keep it running at optimal
performance.

For more information, see Configuring your servers (on page 51).

Components and what they do


McAfee Vulnerability Manager consists of components that work together to monitor your systems.

Enterprise manager Uses Microsoft Internet Information Services (IIS) to provide authorized
users with access to McAfee Vulnerability Manager through their web browsers. It allows them to
manage and run the product from anywhere on the network. Access is protected by user
identification and authentication. Set up Secure Socket Layers (SSL) through the web server to
provide encrypted communication to browsers.
Scan engine Scans the network environment. Depending on the logistics and size of your
network, you might need more than one scan engine to scan the network.
Scan controller Provides the communication between the scan engine and the database. Most
network environments only need one scan controller. For a large network (class A) or segmented
network (WAN), use multiple scan controllers.
Database The data repository for the product. It uses Microsoft SQL Server to store everything
from scan settings and results to user accounts and scan engine settings. It contains all of the
information needed to track organizations and workgroups, manage users and groups, run scans,
and generate reports.
API server Provides the communication between the enterprise manager and the database.
Notification service Provides SNMP and email (SMTP) notification messages for integration
with third-party help desk management systems and email servers.
Data synchronization service Gathers information from McAfee ePO databases, LDAP servers,
and other McAfee Vulnerability Manager 7.5 databases. For McAfee ePO databases, it provides
data to the product for host and OS identification. For LDAP servers, it provides assets you can
add to scan configurations. For other McAfee Vulnerability Manager databases, it provides scan
data.
Report engine Generates scan-based and asset-based reports.

McAfee Vulnerability Manager 7.5 Installation Guide

Introducing McAfee Vulnerability Manager


Find product documentation

Configuration manager Distributes initial certificates to the other product components and
manages the updates to the product components.
Web application scanner Provides a scan configuration, vulnerability checks, and scan reports
for web applications. The web application scanner is a module that must be purchased.

Audience
This information is intended for network administrator responsible for installing and configuring
software on network servers.

Find product documentation


McAfee provides the information you need during each phase of product implementation, from
installing to using and troubleshooting.
1

Go to the McAfee Product Download site.

Type in your grant number, then click Submit.

Select McAfee Vulnerability Manager.

After a product is released, information about the product is entered into the McAfee online
KnowledgeBase at http://mysupport.mcafee.com.

McAfee Vulnerability Manager 7.5 Installation Guide

System Requirements and Architectures


Number of servers required

System Requirements and


Architectures
These guidelines describe the McAfee Vulnerability Manager 7.5 system requirements for each
component.

Number of servers required


The number, type, and placement of product servers depend on the total amount of address space,
total number of live devices, network topology, desired scan performance, network constraints, and
network policies.
Note: McAfee Vulnerability Manager supports only servers running English-language operating
systems.
The following matrix provides guidelines for determining the number of McAfee Vulnerability Manager
servers.
Number of
live IPs

Number of servers

Notes

0 2,500

One product server with an All- Ideal for small networks


in-One configuration
and product evaluations

2,500
10,000

Two product servers: One


configured as enterprise
manager web portal and the
other configured as a
database, API server, scan
controller, and a scan engine
with additional components.

Very common configuration


for small to mid-sized
deployments

10,001
20,000

Two product servers: One


configured as enterprise
manager web portal and the
other configured as database,
API server, scan controller,
and scan engine with
additional components.

Well-suited for large,


distributed environments

One product server configured


as a dedicated scan engine.

McAfee Vulnerability Manager 7.5 Installation Guide

System Requirements and Architectures


Number of servers required

Number of
live IPs

Number of servers

Notes

20,001 >100,000

Three product servers: One


configured as enterprise
manager web portal, one
configured as database, and
one configured as API server,
scan controller, and scan
engine with additional
components.

Ideal for large, global,


distributed and diverse
networks

n product servers configured as


dedicated secondary scan
engines.
Consider these factors:

Number of IP addresses to be scanned. The primary factor is the number of IP addresses to be


scanned. Small to medium-sized networks, as well as installations for product evaluation
purposes, can deploy a single product server. Larger networks are better accommodated with
additional hardware.
Network connectivity to, and reachability of, all desired target environments. A scan engine must be
able to reach its targets for the results to provide value. When placing scan engines, consider the
networks that are to be scanned and place the scan engine so that it is able to reach the
maximum number of assets with as few firewalls or packet filtering devices as possible.
Firewall traversing. The purpose of a firewall is to restrict traffic to legitimate users and prohibit
traffic that might be malicious. Depending upon the nature of the vulnerability and the discovery
methodology, vulnerability scanning signatures might resemble malicious traffic and be blocked or
filtered by a firewall or port filter. The result of such well-intentioned security devices might be
that the quality of data returned from a vulnerability scan is adversely affected. For example,
hosts behind a firewall might not be discovered correctly or at all, or a firewall might make it
appear that every host behind the firewall is present when they are not. Another possible effect is
that discovery and assessments might take longer to complete when having to traverse a firewall
compared to scans that do not have to traverse firewalls. A common technique to mitigate the
impact is to either avoid sending the assessment traffic through a firewall altogether, or to create
an exception rule in the firewall rule base to allow any and all packets to and from the scan engine
to traverse the firewall unaltered.
WAN links and latency. To ensure a manageable vulnerability assessment schedule, McAfee
Vulnerability Manager employs various timing and monitoring components. Such components
monitor the total time a thread has taken to run a check against a host. If a certain threshold is
exceeded, the thread is terminated under the assumption that the host is down, or that packets
have been lost in transit to or from the host. This technique is necessary to ensure that a scan is
not in an infinite waiting state. Therefore, WAN links, or heavily congested networks in general,
might need special consideration in a deployment. Tests have shown that scanning via WAN links
with a latency of more than 150 milliseconds is likely to produce results of an improper quality.
For example, a set of systems can only be reached via a WAN link, then consider placing a scan
engine in the remote environment so scanning is done locally and not be subject to packet loss
and timeouts that are common on a congested WAN link.

McAfee Vulnerability Manager 7.5 Installation Guide

10

System Requirements and Architectures


Hardware and software requirements

Other network traffic (business-critical data/sessions). Any active scanning technology, such as
McAfee Vulnerability Manager, sends some amount of data to assets on the network. This is an
unavoidable consequence of any vulnerability scanning technology. McAfee Vulnerability Manager
provides robust and detailed controls that allow customers to optimize the scanning behavior and
speed of McAfee Vulnerability Manager. The product has default settings that have proved safe
and effective in most networks. However, no matter how McAfee Vulnerability Manager is
deployed and configured, you should always pay attention to network segments, WAN links,
firewalls, and so on, where particularly important data is passing. Consider a remote site that is
transmitting transactions from a website through a congested or slow WAN link during local
business hours. Since this system only operates during certain hours, you should configure scans
so that the environment is scanned while the web server is not processing transactions and not
relying on bandwidth on the WAN link.
Security or performance. When two product servers are used, McAfee recommends that you deploy
the enterprise manager on one system and the other product components on the second system.
This provides more security because the enterprise manager can be placed outside your firewall,
so users can access it, while the second system can be placed inside the firewall to gather
accurate data from scanned systems. However, having the scan engine and scan controller on the
same system as the database can slow performance, based on the amount of data being
processed. To improve performance when using two product servers, you could separate the scan
engine and scan controller from the database. For example: the enterprise manager, scan engine,
and scan controller on one system and the database and other McAfee Vulnerability Manager
components on the second system.

Hardware and software requirements


This section covers the minimum hardware and software requirements for installing McAfee
Vulnerability Manager.
Note: When installing McAfee Vulnerability Manager on a server running Windows 2008 R2, you
must either be logged in as the root administrator for the server or the Admin Approval Mode (see
"Disabling Admin Approval Mode (Windows 2008 R2)" on page 102) must be disabled.

Single server requirements


These are the system requirements for installing McAfee Vulnerability Manager on a single server (Allin-One). If you are installing McAfee Vulnerability Manager on multiple servers, see Multiple Server
requirements (page 12).
Note: McAfee Vulnerability Manager components require an Internet Protocol version 4 (IPv4)
address to properly communicate. Systems running product components must have an IPv4 address
and can have an IPv6 address to facilitate scanning IPv6 targets.

Single server system requirements


Component

Requirement

Processor

Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz,


or higher

Memory

4 GB RAM

Disk space

160 GB Partition

Dedicated system

Yes
Administrator account
McAfee Vulnerability Manager 7.5 Installation Guide

11

System Requirements and Architectures


Hardware and software requirements

Component

Requirement

Disk partition formats

NTFS

Network card

Ethernet

Single server software requirements

Microsoft Windows 2008 R2


Microsoft Windows 2008 R2 Service Pack 1 and later

The Foundstone Configuration Agent requires administrator rights to start and stop services. If
the logged in user does not have administrator rights, McAfee Vulnerability Manager might not
function properly.
Microsoft SQL Server

Microsoft SQL Server 2005 Service Pack 4 and later (32-bit and 64-bit)

Microsoft SQL Server 2008 Service Pack 1 and later (32-bit and 64-bit)

Microsoft SQL Server 2008 R2 Service Pack 1 and later (32-bit and 64-bit)

Microsoft SQL Server 2008 R2 Express Service Pack 1 and later (64-bit)
Also:

All Microsoft SQL and .NET hotfixes and patches.

McAfee recommends using 750 MB for the SQL memory setting.

SQL Browser (SQL Server 2008 R2 Express)


Additional software (covered by default Microsoft Windows and Microsoft SQL installations)

IIS 7.5, including current IIS security patches

MDAC 2.8

World Wide Web Publishing must be running

SQL Client Tools

Note: McAfee Vulnerability Manager does not support installing the database with .NET 4.0. If you
must use .NET 4.0, install the database first.
Note: If you change the network settings on the server running the scan engine, the system should
be restarted or the scan components must be restarted.

Multiple server requirements


McAfee Vulnerability Manager consists of several components. Any McAfee Vulnerability Manager
component requiring a minimum amount of system resources are listed below. If you are installing
multiple McAfee Vulnerability Manager components on a single server, use the highest minimum
system requirements as your guide.

Operating system requirements for all McAfee Vulnerability Manager 7.5 servers

Windows Server 2008 R2, without a service pack, or with Service Pack 1 or later. McAfee
Vulnerability Manager only supports English operating systems.
The Foundstone Configuration Agent requires administrator rights to start and stop services. If the
logged in user does not have administrator rights, McAfee Vulnerability Manager might not
function properly.

Note: To ensure scan accuracy and device communication, McAfee recommends specifying a static IP
address.
Note: McAfee Vulnerability Manager components require an Internet Protocol version 4 (IPv4)
address to properly communicate. Systems running product components must have an IPv4 address
and can have an IPv6 address to facilitate scanning IPv6 targets.

McAfee Vulnerability Manager 7.5 Installation Guide

12

System Requirements and Architectures


Hardware and software requirements

Enterprise manager system requirements


Component

Requirement

Processor

Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz,


or higher

Memory

4 GB RAM

Disk space

80 GB Partition

Additional software

IIS 7.5
Current IIS security patches
World Wide Web Publishing must be
running

Dedicated system

Yes
Administrator account

Disk partition formats

NTFS

Network card

Ethernet

Database system requirements


Component

Requirement

Processor

Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz,


or higher

Disk space

160 GB Partition
Tip: 250 GB of disk space is recommended for
large networks.

Memory

4 GB

Additional software

Microsoft SQL Server 2005 SP4 and later


(32-bit and 64-bit)
Microsoft SQL Server 2008 SP1 and later
(32-bit and 64-bit)
Microsoft SQL Server 2008 R2 SP1 and
later (32-bit and 64-bit)

Also:
All SQL hotfixes and patches
All .NET hotfixes and patches

Note: Microsoft SQL Server 2008 R2 Express is


not recommended for a distributed environment.
Dedicated system

Yes

Virtual memory

4 GB minimum

Disk partition formats

NTFS

SQL server memory


settings

900 MB

McAfee Vulnerability Manager 7.5 Installation Guide

13

System Requirements and Architectures


Hardware and software requirements

Component

Requirement

Network card

Ethernet

SQL server memory recommendations


McAfee recommends using the following SQL memory settings:

When the database is the only component on the system, set the Maximum SQL memory to 1.4
GB.
When the database and the Report Server are both running on the same system, use 900 MB.
When the database and the scan engine are both running on the same system, use 750 MB.

Note: McAfee Vulnerability Manager does not support installing the database with .NET 4.0. If you
must use .NET 4.0, install the database first.

Scan engine system requirements


Component

Requirements

Processor

Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz,


or higher

Memory

4 GB RAM

Disk space

80 GB Partition

Additional software

MDAC 2.8

Dedicated system

Recommended when running large scans

Virtual memory

4 GB minimum

Disk partition formats

NTFS

Required services

NetBIOS over TCP/IP

Network card

Ethernet

Note: Microsoft Windows does not allow the hostname and user name to be the same. Do not use
FS as the hostname for the system running the scan engine.
Note: If you change the network settings on the server running the scan engine, the system should
be restarted or the scan components must be restarted.

Scan controller system requirements


Component

Requirements

Memory

2 GB RAM

Disk space

80 GB Partition

Additional software

Dedicated system

No

Network card

Ethernet

MDAC 2.8
SQL Client Tools

Note: The scan controller provides communication between the scan engines and the database.
McAfee Vulnerability Manager 7.5 Installation Guide

14

System Requirements and Architectures


Hardware and software requirements

Configuration manager system requirements


Component

Requirements

Memory

1 GB RAM

Disk space

80 GB Partition

Additional software

MDAC 2.8

Dedicated system

No

Network card

Ethernet

API server system requirements


Component

Requirements

Memory

1 GB RAM

Disk space

80 GB Partition

Additional software

MDAC 2.8

Dedicated system

No

Network card

Ethernet

Notification service system requirements


Component

Requirements

Memory

1 GB RAM

Disk space

80 GB Partition

Additional software

MDAC 2.8

Dedicated system

No

Network card

Ethernet

Note: To provide notifications through email, this server must have access to the email relay server
on your network.

Data synchronization service system requirements


Component

Requirements

Memory

1 GB RAM

Disk space

80 GB Partition

Additional software

MDAC 2.8

McAfee Vulnerability Manager 7.5 Installation Guide

15

System Requirements and Architectures


Browser requirements

Component

Requirements

Dedicated system

No

Network card

Ethernet

Report engine system requirements


Component

Requirements

Memory

2 GB RAM

Disk space

80 GB Partition

Additional software

MDAC 2.8

Dedicated system

Recommended for report-intensive


environments

Network card

Ethernet

Microsoft Windows Server 2003 support


McAfee Vulnerability Manager 7.5 allows the use of Microsoft Windows Server 2003 for the scan
controller and scan engine only, with some limitations.
A Microsoft Windows Server 2003 scan engine cannot scan Internet Protocol version 6 (IPv6) targets;
this includes targets with an IPv4 address converted into an IPv6 address. The inability to scan IPv6
targets also affects McAfee Policy Auditor and McAfee Network Security Manager (NSM) integration
with McAfee Vulnerability Manager.
For installation information, see Adding an extra scan engine (page 38).
For upgrade information, see Microsoft Windows Server 2003 upgrade support (page 75).

Browser requirements
Depending on the network settings, authorized users can access McAfee Vulnerability Manager
through the web browser from anywhere.
If you are upgrading to McAfee Vulnerability Manager 7.5, users should clear their web browser cache
to ensure updated pages display properly.

Individual browser requirements

Microsoft Internet Explorer 8.0 or 9.0 running on a Microsoft Windows operating system.
The recommended minimum screen resolution is 1024 x 768.
Note: Searching for vulnerabilities in large reports might take a long time to complete. Use
Microsoft Internet Explorer 9.0 for the best results.

McAfee Vulnerability Manager 7.5 Installation Guide

16

System Requirements and Architectures


Network requirements

McAfee recommendations

Install the latest service packs for your browser and operating system.
Disable third-party pop-up blockers, web filters, and other extensions because these products can
interfere with the ability to display certain pages in the enterprise manager.
Install the Trusted Site Certificate (page 62) for all users accessing the enterprise manager.
Turn off Display intranet sites in compatibility View.
Note: Large fonts are not supported in Internet Explorer.

Disable Enhanced Security Configuration


If you are using Microsoft Internet Explorer 9 and Microsoft Windows Server 2008 (or Windows Server
2008 R2) to access the enterprise manager, Enhanced Security Configuration should be disabled.
1

Select Start | Administrative Tools | Server Manager.

Under Security Information, click Configure IE ESC.

Under Administrators, select Off.


Note: Don't disable the Enhanced Security Configuration for Users, unless nonadministrators use the Microsoft Windows Server 2008 (or Windows Server 2008 R2) system for
accessing the portal.

Click OK.

Close the Server Manager window.

Network requirements
McAfee Vulnerability Manager components use the network ports and protocols listed in the following
tables. If a firewall separates components, these ports and protocols must be opened in your firewall
configuration before you install McAfee Vulnerability Manager 7.5.
The network requirements diagrams use a distributed deployment architecture to display
communication paths. If you use a different deployment architecture, be sure to note which system is
running a McAfee Vulnerability Manager component, and use the port number and communication
path specified in the communication path tables.
The network requirements diagrams are separated into two groups: connecting McAfee Vulnerability
Manager components and connecting to external components. External components include other
databases, McAfee ePO databases, LDAP or Active Directory servers, and external ticketing or issue
management systems.

McAfee Vulnerability Manager 7.5 Installation Guide

17

System Requirements and Architectures


Network requirements

Connecting McAfee Vulnerability Manager components

Figure 1: Network requirements


McAfee Vulnerability Manager component communication paths
#

Title

Description

System 1 Enterprise
manager

Enterprise manager

System 2 API service,


scan controller, and scan
engine

System 3 Database*

Scan controller
API server
Scan engine
Data synchronization
service
Notification service
Database
Configuration manager
Report engine

System 5 Scan Engine

Scan engine

Authenticated User

Users log on to the enterprise


manager.

Assessment management
search results

Ports: 443 or 80

Command and control

Port: 3800

System 4 Report server

SOAP over HTTPS or HTTP

SOAP over HTTPS or HTTP


3

API service

Port: 1433
(SSL over) TCP/IP

Scan data

Port: 1433
(SSL over) TCP/IP
McAfee Vulnerability Manager 7.5 Installation Guide

18

System Requirements and Architectures


Network requirements

Data synchronization
service**

Port: 1433

Notification service***

Port: 1433

(SSL over) TCP/IP

(SSL over) TCP/IP


7

Scan data

Port: 1433
(SSL over) TCP/IP

Report data

Port: 1433
(SSL over) TCP/IP

Scan data (scan engine to Ports: 3803


scan controller)
REST over HTTPS or HTTP

10

Generating reports or
Ports: 3802
changing report templates
REST over HTTPS or HTTP

11

Generated reports

Ports: 443 or 80
REST over HTTPS or HTTP

12

Web browser traffic

Ports: 443 or 80
HTTPS or HTTP

*Changing the location of the configuration manager requires a communication path between the
configuration manager and the database, using Port: 1433, (SSL over) TCP/IP.
**Changing the location of the data synchronization service changes the communication path(s)
displayed in this diagram.
***Changing the location of the notification service changes the communication path(s) displayed in
this diagram.
Note: All McAfee Vulnerability Manager components have an FCM Agent installed. The
communication between each FCM Agent and the configuration manager server is Port: 3801, (SSL
over) TCP/IP.

McAfee Vulnerability Manager 7.5 Installation Guide

19

System Requirements and Architectures


Network requirements

Connecting external components

Figure 2: External component communications


External component communication paths
#

Title

Description

System 2 API service,


scan controller, and scan
engine

External ticketing or issue


management

External SMTP server

External LDAP / Active


Directory (AD)

External McAfee ePO


Database

Notification service*

Scan controller
API server
Scan engine
Data synchronization
service
Notification service

Port: 162
SNMP

Notification service*

Port: 161
SNMP

Notification service*

Port: 25
SMTP

Data synchronization
service**

Port: 389

Data synchronization
service**

Port: 1433

LDAP

(SSL over) TCP/IP

McAfee Vulnerability Manager 7.5 Installation Guide

20

System Requirements and Architectures


Deployment architectures

*Changing the location of the notification service changes the communication path(s) displayed in this
diagram.
**Changing the location of the data synchronization service changes the communication path(s)
displayed in this diagram.

Deployment architectures
When installing McAfee Vulnerability Manager 7.5 components on multiple servers, use these general
guidelines to help determine the best setup for your network:

Dual-server architecture (on page 21)


Three-server architecture (on page 22)
Distributed server architecture (see "More than three servers" on page 23)

Dual-server architecture
This architecture is appropriate for small to medium (class C and class B) networks. The scan
controller, scan engine and the database are installed on the same server; the enterprise manager is
installed on its own server. This allows fast, efficient communication between the scan controller, scan
engine, and database while a dedicated server runs the enterprise manager interface for your users.

Figure 3: Dual server architecture

System 1: Web portal

Web portal
Report engine

System 2: Database and scan engine

Scan controller
Scan engine
API server
Notification service
Data synchronization service
Database
Configuration Manager

McAfee Vulnerability Manager 7.5 Installation Guide

21

System Requirements and Architectures


Deployment architectures

Three-server architecture
This architecture is designed for large, global enterprises, and is appropriate for scanning multiple
class B and class A networks. In this configuration, all three components reside on individual servers.

Figure 4: Three-server architecture

System 1: Web portal

Web portal

System 2: Scan engine

Scan controller
Scan engine
API server
Notification service
Data synchronization service

System 3: Database

Database
Report engine
Configuration manager

McAfee Vulnerability Manager 7.5 Installation Guide

22

System Requirements and Architectures


Deployment architectures

More than three servers


Larger, more complicated environments need multiple scan engines. Each engine generates scan
traffic on their local network segments, and sends the resulting scan data back over the WAN to the
database. This dramatically reduces the amount of traffic on the WAN resulting from network scans.
Multiple scan engines can be added to this architecture.

Figure 5: Distributed server architecture


System 1:
Web portal

Web portal

System 2:
API server

Scan controller
Scan engine
API server
Notification service
Data synchronization
service

System 4:
Report server

Report engine

System 3:
Database

Database
Configuration manager

System 5:
Scan engine

Scan engine

McAfee Vulnerability Manager 7.5 Installation Guide

23

Installing on a Single Server


McAfee Vulnerability Manager architecture

Installing on a Single Server


The goal of this chapter is to give you an outline of the steps needed to conduct your first vulnerability
scan with the McAfee Vulnerability Manager Software. This chapter is not intended to provide all of the
detailed information you might need, rather simply provides a brief overview of the process. Later
chapters in this guide contain more detailed information, including installing McAfee Vulnerability
Manager on more than one server.
This chapter takes a layered approach to help you better understand the overall McAfee Vulnerability
Manager solution and how the pieces fit together. This chapter provides the following information:

An outline of the overall process necessary to conduct your first vulnerability scan
A high-level overview of the McAfee Vulnerability Manager architecture
How the pieces fit together
A checklist to help you install and configure McAfee Vulnerability Manager to run on a single
appliance
A checklist to help you conduct your first vulnerability scan and produce a report

Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in
the host name.

Audience
This chapter is designed for the new user installing McAfee Vulnerability Manager on a single server
(also known as Standard or an All-in-One). If you need to install McAfee Vulnerability Manager on
more than one server, review later chapters in this document for more information.

Process overview
There are several steps necessary to set up and configure McAfee Vulnerability Manager and begin
scanning. This list highlights the general steps:
1

Configure Microsoft SQL 2005 or 2008

Install and configure McAfee Vulnerability Manager 7.5 on a single system (All-in-One)

Set up your first scan and review the report

McAfee Vulnerability Manager architecture


McAfee Vulnerability Manager consists of several components. The three major components of McAfee
Vulnerability Manager are:

Enterprise Manager (web user interface)


Database using Microsoft SQL Server (Microsoft SQL Server 2005, 2008 R2, 2005 Express, 2008,
or 2008 R2 Express)
Scan Engines (there can be several scan engines per McAfee Vulnerability Manager instance and
the scan engines can be remote)
McAfee Vulnerability Manager 7.5 Installation Guide

24

Installing on a Single Server


Installing and configuring McAfee Vulnerability Manager on a single server

Other McAfee Vulnerability Manager configuration applications and services include a scan controller,
an API service, a reporting service, a notification service, configuration manager, an update service,
and data synchronization.
In large enterprises, scanning hundreds of thousands of assets, these components and services
should be installed on three to five separate appliances. This process is described in later sections of
this guide, and is not be the focus of this chapter.
However, for most customers not scanning hundreds of thousands of assets, a simpler approach is
adequate. Either a single server or two servers (database separate) provides sufficient capacity. This
chapter takes you through the process of installing McAfee Vulnerability Manager on a single server.

How the pieces fit together


After the initial system configuration, all vulnerability management functions (scanning, reporting, and
remediation) are driven through the web portal. As McAfee Vulnerability Manager scans targets, the
data is stored in the SQL database and reports are generated by the report server. Reports can be
delivered by email or viewed through the web portal.
When deploying remote scanning engines (or other distributed McAfee Vulnerability Manager
components) on other servers, the secure communication link between the distributed components is
managed by the configuration manager. The configuration manager is mainly for infrastructure
management, not for every day vulnerability management.

Installing and configuring McAfee Vulnerability Manager on


a single server
You can install and configure McAfee Vulnerability Manager on a single server that uses Microsoft SQL
Server as its database.
The SQL settings are similar for both Microsoft SQL 2005 and SQL 2008, but the setting locations are
different in each installation wizard. The SQL Server settings for both versions are included in this
guide.
For Microsoft SQL Server 2008 R2 Express settings, see Using Microsoft SQL 2008 R2 Express (page
102).

Configuring Microsoft SQL 2005 (15-30 minutes)


McAfee Vulnerability Manager 7.5 uses Microsoft SQL Server as its database. Install the Microsoft SQL
Server database as directed by the SQL Server documentation.
For information about installing Microsoft SQL Server 2005 Express or 2008 R2 Express, see the
Appendix in this guide.
Before installing the SQL Server, make sure your systems meet the minimum system requirements
(see "System Requirements and Architectures" on page 9).
Note: If you are upgrading from SQL Server 2000 to SQL Server 2005, go to Upgrading to SQL Server
2005 (page 67).

McAfee Vulnerability Manager 7.5 Installation Guide

25

Installing on a Single Server


Installing and configuring McAfee Vulnerability Manager on a single server

SQL server installation suggested settings


The following table shows the page names and recommended settings for each step of the installation.
These settings are based on a typical Microsoft SQL Server 2005 installation.
Installation Page

Setting

Components to
Install

Select SQL Server Database Services and the


Workstation components, Books Online and
development tools.

Instance Name

Select Default instance.


Note: It is possible to give the instance a name. You
must type this instance name when installing other
McAfee Vulnerability Manager components. See
Changing the SQL Instance Name (page 47).

Service Account

Select Use the built-in System account, then


select Local system from the list.
Select SQL Server under Start services at the
end of setup.

Authentication Mode

Select Mixed mode. This mode is required to create


or upgrade the database. See Changing the Database
Authentication Settings (on page 77) for information on
how to change this setting later.
Create a password for the SA account. The
maximum password length is 128 characters.
Important: Remember the SA account password. You
can use the SA account to access the database for
maintenance or to back up the database.

Collation Settings

Accept the defaults.

Error and Usage


Report Settings

Accept the defaults (none selected).

After the installation has completed, McAfee recommends that you restart the computer before using
SQL Server. Then, make sure the system has the latest SQL server service pack.

Configuring SQL Server 2008 (15 - 30 minutes)


The following lists show the recommended and minimum Microsoft SQL Server 2008 and 2008 R2
features for using McAfee Vulnerability Manager.
Note: If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2008, go to
Upgrading Microsoft SQL Server 2000 (page 67).

SQL server installation (recommended)

Database Engine Services, including all sub-features


Client Tools Connectivity
Client Tools Backward Compatibility
SQL Server Books Online
Management Tools (complete)

McAfee Vulnerability Manager 7.5 Installation Guide

26

Installing on a Single Server


Installing and configuring McAfee Vulnerability Manager on a single server

SQL server installation (minimum)

Database Engine Services


Client Tools Connectivity
Client Tools Backward Compatibility

After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.

Installing McAfee Vulnerability Manager (30 minutes - 1 hour)


1

Run the McAfee Vulnerability Manager installation program. The Welcome to McAfee
Vulnerability Manager screen appears. Click Next. The end user license agreement appears.

Read the end user license agreement. Select Accept, then click Next. The Select Installation
Type screen appears.

Select Standard, then click Next.

Select the database server where you want to install the database.
Note: For 64-bit operating systems, you must type in the database server name.
You must have administrative access to the SQL database to install the database. You can select
Windows authentication or SQL Server authentication. If you select SQL Server authentication,
type the SQL database credentials.
Click Next.

Review the system checklist.


The installation program runs a system check to ensure that all dependencies (critical and noncritical) are met. If any of the dependency checks fails, you must resolve the issue before you can
install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the
installation program, fix the issue, then rerun the installation program.
If all system checks pass, click Next. The Database Connection Information screen appears.

Type a McAfee Vulnerability Manager user password for the database.


Type and re-type a password for the McAfee Vulnerability Manager user. The host name or IP
address of this server is already entered in the field. The McAfee Vulnerability Manager user is
used for connecting other McAfee Vulnerability Manager components to the database.
Click Next. The Global Administrator Password page appears.

Create a password for the McAfee Vulnerability Manager Global Administrator.


The McAfee Vulnerability Manager Global Administrator can create organizations and manage
workgroups (sub-organizations) through the web interface. Type and re-type a password for the
Global Administrator. There is only one global administrator per McAfee Vulnerability Manager
deployment. Click Next to continue.
When logging on as the Global Administrator, the organization name is fsglobal and the user
name is globaladmin.

Create a new organization and type an administrator password.


McAfee Vulnerability Manager uses organizations and workgroups (sub-organizations) as a way of
managing access to the McAfee Vulnerability Manager web interface.
Type the name of your first organization. Then type and re-type a password for the Administrator.
Click Next. The Installation Settings page appears.

Click Install to install McAfee Vulnerability Manager. Since all components are installed on one
server, there is no need to change any settings on the Installation Settings page.

10 When the installation process is complete, click Finish. A message states that a system restart is
required.
11 Click OK to restart the system.
Note: When installing McAfee Vulnerability Manager on Windows 2008 R2, a FS user account is
created and appears on the logon screen. The FS account is reserved for the McAfee Vulnerability
Manager scan engine and should not be used or modified.

McAfee Vulnerability Manager 7.5 Installation Guide

27

Installing on a Single Server


Creating your first vulnerability scan and report

The McAfee Vulnerability Manager single server system is configured and you can create your first
vulnerability scan, run it, and review the results.
Note: Any changes made to the server hosting the McAfee Vulnerability Manager web portal (e.g.
system name or domain name) after installation requires a manual change to the shortcut on the
desktop.

Creating your first vulnerability scan and report


Once your McAfee Vulnerability Manager is installed and configured on a single server, you can create
a Full Vulnerability scan and view the report.
This section describes the steps required to set up your first vulnerability scan, run the scan, then
review the results. Suggestions and tips are included to help you understand the workflow for McAfee
Vulnerability Manager scans and scan data. More detailed information is available in the McAfee
Vulnerability Manager product guide.
McAfee Vulnerability Manager scans begin by creating a scan configuration through the web interface.
A full vulnerability scan assesses your network for vulnerabilities using all existing non-intrusive
vulnerability checks. The vulnerability scan report shows you the comprehensive data collected by the
scan that provides an executive overview of the scan results and detailed information for each system
scanned. It is recommended for your first scan to use a small set of the IP addresses available on
your network. Full vulnerability scans require more time than other McAfee Vulnerability Manager
scans due to the amount of data being assessed during the scan. By providing a small set of systems
to scan, you can see the benefits of McAfee Vulnerability Manager scanning and reports in a shorter
period of time.
You can create your own scan configuration or select a pre-configured scan template. In a scan
configuration you assign IP addresses or ranges to be scanned, type the credentials for accessing
systems during scanning, select which vulnerabilities to scan for, select formats for your reports, and
set up a schedule for running the scan.
Providing credentials in a scan configuration allows the scan engine credentialed access to the
systems being scanned, and returns a more accurate report on which systems are vulnerable and
which are not. You can create a credential set which is a list of user credentials that can be used
during a scan. A credential set can be used in multiple scan configurations and saves you time when
user credentials change. You can update one credential set and have it applied to multiple scan
configurations rather than having to update each scan configuration.

Building your first vulnerability scan


Create a Full Vulnerability scan to find asset vulnerabilities on your network.
1

Log on to the enterprise manager as an organizational administrator.


Double-click the McAfee Vulnerability Manager icon on the desktop to open the logon page. Use
the organization name, organization administrator name and password you created. For the
organization you created during installation, the user name is Administrator.
The home page displays key information about the systems scanned within an organization or
workgroup. This page is populated with data once you have completed your first scan.

Open the new scan window and select a McAfee Vulnerability Manager template.
Select Scans | New Scan, the Scan Details window appears. Select Use a McAfee
Vulnerability Manager template and a list of available McAfee Vulnerability Manager templates
appears. Select Full Vulnerability Scan and click Next. The window displays the scan
configuration tabs.

McAfee Vulnerability Manager 7.5 Installation Guide

28

Installing on a Single Server


Creating your first vulnerability scan and report

Give the scan configuration a name and select your scan targets.
Type First Vuln Scan in the Name field. Type the IP address(es) you want to scan by either
typing individual host names or IP addresses using the Host Name field, or type an IP range
using the Starting IP Address and Ending IP Address fields. Click the plus icon (+) to include
the IP addresses and host names to your scan configuration. Click Next and the Settings tab
appears. Accept the defaults for your first scan. Click Next. The Reports tab appears.

Do not create remediation tickets for your first scan.


Deselect Create remediation tickets. Remediation tickets are not covered in this section. More
information about remediation tickets is available in the McAfee Vulnerability Manager product
guide. Click Next and the Scheduler tab appears.
Set Activation to Active and, under Schedule Type, select Immediate is selected under . Click
Save and Scan Now. The vulnerability scan starts.
To view the status of this scan, select Scans | Scan Status. The Scan Status page appears.
Depending on how many hosts you set for this scan, the scan could take several minutes to
complete.

Viewing the vulnerability scan report


Once your first vulnerability scan is complete, you can view the results in the web browser.
1

Open the vulnerability report.


From the Scan Status page, click the View Report button to display the scan report page.
Or select Reports | View Scan Reports. Click View Report to open the report in the browser.

Review the summary results of the vulnerability scan.


The McAfee Vulnerability Manager Summary Report page provides an executive-level
overview of the scan results.
The FoundScore summary shows the amount of risk based on the FoundScore Risk Rating
System. The rating system compares your environment against best practices to calculate your
FoundScore value. A high FoundScore value (71-100) means your network is more secure, while a
low FoundScore value (0-50) means your network has more security weaknesses.
The Vulnerability Report Summary provides charts to represent the total number
vulnerabilities and the percentage of vulnerabilities based on severity.
Click Detailed Report in the Vulnerability Report Summary section header to view the
Detailed Vulnerability Report.

Review the vulnerability report of the vulnerability scan.


The McAfee Vulnerability Manager Detailed Vulnerability Report page contains more
information about the vulnerabilities found on the targets you scanned.
The Number of Vulnerabilities by Operating System chart shows how many vulnerabilities
were discovered for each operating system on your network. Each bar in the chart has colored
segments to show the high, medium, low, and informational levels of the vulnerabilities found for
each operating system. This chart provides a quick view of which operating system has the
highest total number of vulnerabilities and which operating system has the highest number of
high-risk vulnerabilities. You can see which operating systems are the most vulnerable on your
network. If the chart is difficult to read, there is a table with the same information just below the
chart.
The Top 15 Hosts with the Largest Number of Vulnerabilities chart shows which individual
targets on your network have the most number of vulnerabilities discovered during the scan. This
chart provides a quick view of which target has the highest total number of vulnerabilities and
which target has the highest number of high-risk vulnerabilities. This allows you to prioritize which
targets need immediate attention. Just below the hosts chart is a table that lists the 15 hosts
represented in the chart, with links that take you to the target details page (Vulnerabilities By
IP Report). Click on one of your host links in the Top 15 Hosts with Vulnerabilities table.

Review the vulnerabilities for a single target.


The Vulnerabilities By IP Report is a paged report with vulnerability information found on each
target scanned. By using the Top 15 Hosts with Vulnerabilities link, you can go directly to a
high-risk target and review the vulnerability information for that target.

McAfee Vulnerability Manager 7.5 Installation Guide

29

Installing on a Single Server


Post-installation activities

Each vulnerability information section has a short description, a recommendation on how to


resolve the issue, an observation that explains how the vulnerability is used, and a link to the
Common Vulnerabilities and Exposures (CVE) website (if a CVE exists for this vulnerability).
Congratulations, you have just completed your first vulnerability scan and reviewed the report. What
you learned in this quick start guide can be applied to the other McAfee Vulnerability Manager scan
templates to help you gather the network information you need and review the results. For more
information on scanning and other McAfee Vulnerability Manager functions, review the product guide
or web portal help.

Post-installation activities
After McAfee Vulnerability Manager is installed and generating reports, review the Post Installation
Activities (see "Configuring Your Servers" on page 51) to finalize your McAfee Vulnerability Manager
configuration. Post installation activities include registering McAfee Vulnerability Manager, setting up
McAfee Vulnerability Manager Update, and hardening your servers.

McAfee Vulnerability Manager 7.5 Installation Guide

30

Installing on Multiple Servers


Before you install McAfee Vulnerability Manager

Installing on Multiple Servers


The following preinstallation planning, system preparation, and McAfee Vulnerability Manager
installation procedures are for users installing McAfee Vulnerability Manager components on more
than one server.

Before you install McAfee Vulnerability Manager


Before you install McAfee Vulnerability Manager 7.5, read these instructions to ensure that your
systems are prepared. You need to understand the type of architecture you are installing, and the
system requirements for each server within that architecture.
Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in
the host name.

McAfee Vulnerability Manager 7.5 components


McAfee Vulnerability Manager 7.5 consists of five main components:

The enterprise manager uses Microsoft Internet Information Services (IIS) to provide authorized
users with access to McAfee Vulnerability Manager 7.5 through their web browsers. It allows them
to manage and run McAfee Vulnerability Manager 7.5 from anywhere on the network. Access is
protected by user identification and authentication. Secure Socket Layers (SSL) can be set up
through the web server to provide encrypted communications to browsers.
One or more scan engines scan the network environment. Depending on the logistics and size of
your network, you might need more than one scan engine to scan the network.
Note: If you change the network settings on the server running the scan engine, the system
should be restarted or the scan components must be restarted.

The API server provides the communication between the enterprise manager and the database. It
is recommended that the API server is installed on one of the scan engines.
The scan controller provides the communication between the scan engine and the database. It is
recommended that the scan controller is installed on one of the scan engines.
The database is the data repository for the McAfee Vulnerability Manager system. It uses Microsoft
SQL Server to store everything from scan settings and results to user accounts and scan engine
settings. It contains all of the information needed to track organizations and workgroups, manage
users and groups, run scans, and generate reports.

Each component can be on its own dedicated server, although it is possible to combine the scan
engine and database when installing on smaller networks. Each server should contain a fresh
installation of the operating system with updated security patches. Do not run any other major
applications on these servers.
Users log onto the enterprise manager through their web browser to access the system.
Note: To ensure scan accuracy and device communication, McAfee recommends specifying a static IP
address.

McAfee Vulnerability Manager 7.5 Installation Guide

31

Installing on Multiple Servers


System component preparation

Additional modules
Four additional modules are available in McAfee Vulnerability Manager 7.5. These modules can be
installed with other McAfee Vulnerability Manager components. See System requirements and
architectures (on page 9) section for further details.

The configuration manager distributes initial certificates to the other McAfee Vulnerability Manager
components and manages updates to the various components of McAfee Vulnerability Manager.
The notification service provides SNMP and email (SMTP) notification messages for integration
with third-party helpdesk management systems and email servers. The notification service can be
installed on any server that meets the system requirements it does not have to be installed on a
server running other McAfee Vulnerability Manager components.
The report engine generates both scan-based and asset-based reports.
The data synchronization service gathers information from McAfee Vulnerability Manager
databases, ePO databases and LDAP servers. For McAfee Vulnerability Manager databases, it
provides scan data and asset information to be imported from another McAfee Vulnerability
Manager database. For ePO databases, it provides data to McAfee Vulnerability Manager for host
and OS identification. For LDAP servers, it provides assets that can be added to scan
configurations.

System component preparation


Before installing McAfee Vulnerability Manager 7.5, prepare the servers that host the enterprise
manager, database, API server, scan controller, and scan engine(s). These servers must contain the
proper supporting software and service packs. The installation program verifies that these
requirements have been met before installing McAfee Vulnerability Manager 7.5.
Refer to the system requirements (see "System Requirements and Architectures" on page 9) before
proceeding.
Note: Before beginning the installation process, ensure that all systems on which McAfee
Vulnerability Manager is installed have valid computer names. This includes ensuring that invalid
characters are not used as part of the computer name, such as underscores (current operating
systems no longer allow the underscore to be used as part of the computer name). Valid characters
for the computer name are upper and lowercase alphabetic characters, numeric characters, and the
dash.

Preparing the database server


McAfee Vulnerability Manager 7.5 uses Microsoft SQL Server as its database. Install the Microsoft SQL
Server database as directed by the SQL Server documentation.
For information about installing Microsoft SQL Server 2005 Express or 2008 R2 Express, see the
Appendix in this guide.
Before installing the SQL Server, make sure your systems meet the minimum system requirements
(see "System Requirements and Architectures" on page 9).

McAfee Vulnerability Manager 7.5 Installation Guide

32

Installing on Multiple Servers


System component preparation

Microsoft SQL server 2005 installation settings


The following table shows the page names and recommended settings for each step of the installation.
These settings are based on a typical Microsoft SQL Server 2005 installation.
If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2005, go to Upgrading
Microsoft SQL Server 2000 (page 67).
Note: During installation, the database name is not automatically added to the database field on the
Database Administrator page. You must type in the database name or the instance name.

SQL server installation suggested settings


Use the following settings to configure your SQL Server.
Installation Page

Setting

Components to
Install

Select SQL Server Database Services and the


Workstation components, Books Online and
development tools.

Instance Name

Select Default instance.


Note: It is possible to give the instance a name. You
must type this instance name when installing other
McAfee Vulnerability Manager components. See
Changing the SQL Instance Name (page 47).

Service Account

Select Use the built-in System account, then


select Local system from the list.
Select SQL Server under Start services at the
end of setup.

Authentication Mode

Select Mixed mode. This mode is required to create


or upgrade the database. See Changing the Database
Authentication Settings (on page 77) for information on
how to change this setting later.
Create a password for the SA account. The
maximum password length is 128 characters.
Important: Remember this password. You need it when
you install the McAfee Vulnerability Manager
Configuration Manager, scan controller, API server,
notification service, data synchronization service, and
report engine.

Collation Settings

Accept the defaults.

Error and Usage


Report Settings

Accept the defaults (none selected).

After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.

McAfee Vulnerability Manager 7.5 Installation Guide

33

Installing on Multiple Servers


System component preparation

Changing the Microsoft SQL memory settings


Change the memory settings for Microsoft SQL Server to optimize performance for McAfee
Vulnerability Manager.
1

Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.

Log on to SQL Server Management Studio.

Right-click the server and select Properties.

Select Memory.

Change the Maximum Server Memory to two-thirds the maximum server memory.

Click OK.

Microsoft SQL server 2008 and 2008 R2 installation features


The following lists show the recommended and minimum Microsoft SQL Server 2008 and 2008 R2
features for using McAfee Vulnerability Manager.
Note: If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2008, go to
Upgrading Microsoft SQL Server 2000 (page 67).

SQL server installation (recommended)

Database Engine Services, including all sub-features


Client Tools Connectivity
Client Tools Backward Compatibility
SQL Server Books Online
Management Tools (complete)

SQL server installation (minimum)

Database Engine Services


Client Tools Connectivity
Client Tools Backward Compatibility

After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.

Preparing the scan engine server


Before you install McAfee Vulnerability Manager 7.5, make sure that the server on which you want to
install the scan engine is properly prepared by doing the following:

Make sure your systems meet the minimal system requirements. For more information, see
System Requirements (see "System Requirements and Architectures" on page 9).

If MDAC 2.8 is not installed on the scan engine, download and install the latest MDAC from the
Microsoft website. McAfee Vulnerability Manager 7.5 does not install without this required
component.

Note: The installation program checks for the Microsoft Windows Script 5.7 and installs it if
necessary. This program can be updated by the Windows Update Program through the Internet
Explorer web browser.

McAfee Vulnerability Manager 7.5 Installation Guide

34

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Preparing the web server


McAfee Vulnerability Manager uses Microsoft Internet Information Services Web Server (IIS) to host
the enterprise manager and make it available throughout the network.

Windows 2003
On Windows Server 2003, IIS version 6.0 is installed by default.

Windows 2008 R2
On Windows Server 2008 R2, IIS version 7.5 is not installed by default.
1

Open the Server Manager.


If this does not open when you start Windows 2008 R2, select Start | Administrative Tools |
Server Manager.

In the console tree (left pane), select Roles.

Select Add Roles.

Select Server Roles from the left pane.

Select Web Server (IIS) to install.

Select Role Services from the left pane.

Select CGI under Application Development.

Click Next, then click Install.

Once the installation is complete, click Close.

McAfee Vulnerability Manager 7.5 installation


The McAfee Vulnerability Manager installation contains a list of suggested architectural configurations.
The suggested configurations have a predefined list of McAfee Vulnerability Manager components to
install on a server. For more details about suggested architectural configurations and the McAfee
Vulnerability Manager components installed on each server, review System Requirements and
Architectures (on page 9).
The McAfee Vulnerability Manager installation also contains a custom configuration setting so you can
select which McAfee Vulnerability Manager components to install onto a server. Customizing your
McAfee Vulnerability Manager installation can help if you have a large network, run a large number of
scans, or generate a high volume of reports.
Note: If you are hiding your Microsoft SQL server, see "Hiding an instance in Microsoft SQL Server"
(page 45) for more installation information.
Caution: The data synchronization service should only be installed on networks that use McAfee
ePolicy Orchestrator, LDAP, or multiple McAfee Vulnerability Manager databases.

McAfee Vulnerability Manager 7.5 Installation Guide

35

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Installing using a recommended installation type


McAfee Vulnerability Manager provides some recommended installation types when installing on more
than one server.
Tip: Before installing, close all other applications on the server.
Note: When installing McAfee Vulnerability Manager on a server running Microsoft Windows 2008 R2,
you must log on as the root administrator for the server or the Admin Approval Mode (see "Disabling
Admin Approval Mode (Windows 2008 R2)" on page 102) must be disabled.
1

Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager
- Welcome screen appears.

Click Next. The end user license agreement appears.

Read the agreement, select Accept, then click Next. The Select Installation Type page
appears.

Select Advanced, then click Next. The Select Installation Type page appears.

Select an Architecture type, then select the System you are installing onto the server.
See Deployment Architectures (page 21) for suggestions on how to set up your servers.

Click Next. The System Checks page appears.

The installation program runs a system check to ensure that all critical and non-critical
dependencies are met. If any of the dependency checks fails, you must resolve the issue before
you can install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the
installation program, fix the issue, then rerun the installation program.

Click Next.
The Architecture and System you selected to install determines what information you must create
or provide. See Information needed during installation (page 37) table for the information you need.
Type McAfee Vulnerability Manager information and click Next until the Installation Settings
page appears.

Review the installation settings and make sure all settings are correct.
To change a setting, double-click the setting. When you are finished modifying the setting, click
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page
43) for more details about each setting.

10 Click Install. The McAfee Vulnerability Manager components are installed.


11 When the installation process is complete, click Finish. A message states that a system restart is
required.
12 Click OK to restart the system.
Note: When installing McAfee Vulnerability Manager on Microsoft Windows 2008 R2, a FS user
account is created and appears on the logon screen. The FS account is reserved for the McAfee
Vulnerability Manager scan engine and should not be used or modified.
McAfee Vulnerability Manager sends updates to some components after the installation process is
complete, like sending content updates to the scan engines. In most cases, these updates finish
shortly after the installation is complete. If there are a large number of scan engines or there is low
bandwidth communication to the scan engines, this update process could take longer. If McAfee
Vulnerability Manager is not functioning properly right after an installation, the update process might
not be complete.
Tip: Any changes made to the server hosting the McAfee Vulnerability Manager web portal (e.g.
system name or domain name) after installation requires a manual change to the shortcut on the
desktop.

McAfee Vulnerability Manager 7.5 Installation Guide

36

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Information needed during installation


The following table shows the information you need to complete the installation process (based upon
the suggested configuration selected).

Information needed during installation:


Configuration

Information needed

Dual server Web portal

Configuration manager IP address/host name and


port number
API server IP address/host name and port number
Database IP address/host name
Faultline database password

You must decide:

To enable or disable the ability of an organization


administrator to switch to the Global Administrator
user interface

Note: This is not recommended when there are multiple


organization administrators. Global Administrator settings
affect all organizations, which could lead to negative results if
too many users have access to the Global Administrator
interface.
Dual server Scan engine/
Database

Windows authentication to the SQL database, or


database administrator user name and password
Location of the enterprise manager (IP address,
NetBIOS, or DNS-resolvable name)
One-time synchronization with external remediation
management system.
Send notifications via SNMP, email, or both methods
Creating a new database or upgrading an existing
database
Whether or not to force protocol encryption

You must create:

Faultline database password


Global Administrator password (by default, the
organization is fsglobal and the user name is
globaladmin)

Your first McAfee Vulnerability Manager


organization: create an organization name and
create a password for the organization administrator

McAfee Vulnerability Manager 7.5 Installation Guide

37

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Three server Web portal

Configuration manager IP address/host name and


port number
API server IP address/host name and port number
Report server IP address/host name and port
number

You must decide:

To enable or disable the ability of an organization


administrator to switch to the Global Administrator
user interface

Note: This is not recommended when there are multiple


organization administrators. Global Administrator settings
affect all organizations, which could lead to negative results if
too many users have access to the Global Administrator
interface.
Three server Scan engine

Three server Database

Configuration manager IP address/host name and


port number
Location of the enterprise manager (IP address,
NetBIOS, or DNS-resolvable name)
One-time synchronization with external remediation
management system.
Send notifications via SNMP, email, or both methods
Database IP address/host name
Faultline database password
Windows authentication to the SQL database, or
database administrator user name and password
Location of the enterprise manager (IP address,
NetBIOS, or DNS-resolvable name)
Report server IP address/host name and port
number
Creating a new database or upgrading an existing
database
Whether or not to force protocol encryption

You must create:

Faultline database password


Global Administrator password (by default, the
organization is fsglobal and the user name is
globaladmin)

Your first McAfee Vulnerability Manager


organization: create an organization name and
create a password for the organization administrator

Adding an extra scan engine


Add extra scan engines to your network to fit your organization's needs. Extra scan engines are part
of the suggested Distributed Server architecture.
You can install the scan engine and scan controller on a system running Microsoft Windows Server
2003, but there are limitations. See Microsoft Windows Server 2003 support (page 16). During
installation, after accepting the end user license agreement, you have to option to install the scan
controller and scan engine. All other McAfee Vulnerability Manager components must be installed on a
system running Microsoft Windows Server 2008 R2.

McAfee Vulnerability Manager 7.5 Installation Guide

38

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager
- Welcome screen appears.

Click Next. The End User License Agreement page appears.

Select I accept the terms of this license agreement. Click Next. The Select Installation
Type page appears.

Select Advanced. Click Next.

Under Architecture, select Custom. Click Next.

Select Scan Engine. Make sure all other McAfee Vulnerability Manager components are
deselected. Click Next.

Review the system checks and make sure all dependencies have passed. If any dependencies
have failed, exit the installation, correct the dependency, then restart the installation process.
Click Next.

Type the IP address of the server hosting the configuration manager. If you want to change the
port number for configuration manager, type the port number in the port field. Click Next.

Review the installation settings and make sure all settings are correct.
To change a setting, double-click the setting. When you are finished modifying the setting, click
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page 43)
for more details about each setting. Click Next.

10 When the installation process is complete, click Finish.

Installing using the custom installation type


Customize your installation by installing individual components on a server.
1

Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager
- Welcome screen appears.

Click Next. The end user license agreement appears.

Select Accept, then click Next. The Select Installation Type page appears.

Select Advanced, then click Next. The Select Environment page is displayed.

Select Custom/Upgrade for the Architecture type.


For descriptions about each McAfee Vulnerability Manager component, see Select Components (see
"Select components for custom installation" on page 40).

Click Next. The System Checks page appears.

The installation program runs a system check to ensure that all dependencies (critical and noncritical) are met. If any of the dependency checks fails, you must resolve the issue before you can
install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the
installation program, fix the issue, then rerun the installation program.

Click Next.
The Architecture and System you selected to install determines what information you must create
or provide. See the Component information needed (page 41) table when installing individual
components.
Type McAfee Vulnerability Manager information and click Next until the Installation Settings
page appears.

Review the installation settings and make sure all settings are correct.
To change a setting, double-click the setting. When you are finished modifying the setting, click
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page
43) for more details about each setting.

McAfee Vulnerability Manager 7.5 Installation Guide

39

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

10 Click Install. The McAfee Vulnerability Manager components are installed.


11 When the installation process is complete, click Finish. A message states that a system restart is
required.
12 Click OK to restart the system.
McAfee Vulnerability Manager sends updates to some components after the installation process is
complete, like sending content updates to the scan engines. In most cases, these updates finish
shortly after the installation is complete. If there are a large number of scan engines or there is low
bandwidth communication to the scan engines, this update process could take longer. If McAfee
Vulnerability Manager is not functioning properly right after an installation, the update process might
not be complete.
Note: If your organization generates a high volume of reports, it is recommended that you install
your report engine and your database onto separate servers. See Running a large number of reports
(see "Performance issues when running a large number of reports" on page 77).

Select components for custom installation


This dialog box lets you select McAfee Vulnerability Manager component(s) to install on the current
server.

Figure 6: Select Components

Enterprise manager components


Component

Description

Database

Stores information including organization settings,


user account information, scan configurations, and
scan results.

McAfee Vulnerability Manager 7.5 Installation Guide

40

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Enterprise
manager

Provides web-interface to control scans, view


reports, and manage McAfee Vulnerability Manager
through your intranet.
Note: IIS must be installed and World Wide Web
Publishing Service must be running on the server for
the enterprise manager component to be available.

Notification
service

Adds Simple Network Management Protocol


(SNMP) integration for remediation tickets and
provides email support.

Configuration
manager

Provides a centralized, uniform way to patch,


update, configure, monitor, and otherwise manage
an entire McAfee Vulnerability Manager
deployment.

Report engine

Generates both scan-based reports and assetbased reports.

Data
synchronization
service

Gathers information from McAfee ePolicy


Orchestrator, LDAP, or other McAfee Vulnerability
Manager databases and provides it to McAfee
Vulnerability Manager for host and OS
identification.

API server

Provides the communication between the


enterprise manager and the database.

Scan controller

Provides the communication between the scan


engine and the database.

Scan engine

The scan engine scans the network.

Component information needed for custom installation


While McAfee Vulnerability Manager provides predefined configurations to meet most needs, some
organizations require some custom configurations. McAfee Vulnerability Manager allows you to select
which components to install. The following table lists the information needed when installing each
component by itself.

Information needed when installing components


Component

Information needed

Scan Engine

Configuration Manager IP address/host name and


port number

Scan Controller

Configuration Manager IP address/host name and


port number
Database IP address/host name
Faultline database password

McAfee Vulnerability Manager 7.5 Installation Guide

41

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Database

Windows authentication to the SQL database, or


database administrator user name and password
Configuration Manager IP address/host name and
port number
Creating a new database or upgrading an existing
database
Whether or not to force protocol encryption

You must create:

Enterprise
Manager

Faultline database password


Global Administrator password
Your first McAfee Vulnerability Manager
organization: create an organization name and
create a password for the organization administrator

Configuration Manager IP address/host name and


port number
API Server IP address/host name and port number
Report Engine IP address/host name and port
number

You must decide:

To enable or disable the ability of an organization


administrator to switch to the Global Administrator
user interface

Note: This is not recommended when there are multiple


organization administrators. Global Administrator settings
affect all organizations, which could lead to negative results if
too many users have access to the Global Administrator
interface.
Notification
Service

Configuration Manager IP address/host name and


port number
Database IP address/host name
Faultline database password

Configuration
Manager

Database IP address/host name


Faultline database password

Report Engine

Configuration Manager IP address/host name and


port number
Database IP address/host name
Faultline database password
Location of the enterprise manager (IP address,
NetBIOS, or DNS-resolvable name)

Data
synchronization

API server

Configuration Manager IP address/host name and


port number
Database IP address/host name
Faultline database password
Configuration Manager IP address/host name and
port number
Database IP address/host name
Faultline database password
Location of the enterprise manager (IP address,
NetBIOS, or DNS-resolvable name)

McAfee Vulnerability Manager 7.5 Installation Guide

42

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Installation setting descriptions


Before McAfee Vulnerability Manager starts installing components onto the server, the installer allows
you to review installation settings and make any changes necessary. The table below lists the
installation settings and provides a brief description of what the setting does.
Option

Description

Enterprise
Manager

The IP address, NetBIOS name, or DNS name


for the enterprise manager.

API Server

The IP address, NetBIOS name, or DNS name


for the API server.

API Server Port

The port number used to communicate with the


API server. The default port number is 3800.

Allow
Global/Org
Admin
Switching

Allow Root Organization Administrators to switch


to the Global Administrator user interface in the
enterprise manager.

Report Server

The IP address, NetBIOS name, or DNS name


for the report engine.

Report Server
Port

The port number used to communicate with the


report engine. The default port number is 3802.

Scan Controller
Port

The port number used to communicate with the


scan controller. The default port number is 3803.

Engine Scan
Controller

Allow the configuration manager to automatically


assign a scan engine to a scan controller. This is
enabled by default.

Synchronize
"Assigned to a
User"
remediation
tickets

A one-time synchronization between the McAfee


Vulnerability Manager Remediation system and
your external change management system for
tickets in the "Assigned to a User" state.

Synchronize
"Unassigned"
remediation
tickets

A one-time synchronization between the McAfee


Vulnerability Manager Remediation system and
your external change management system for
tickets in the "Unassigned" state.

Method of
Notification

The choices are SNMP, Email, or Both.


Requires proper configuration of the SNMP
and/or Email Notifications. The Global
Administrator must log on to the enterprise
manager and select Manage | Notifications.

McAfee Vulnerability Manager 7.5 Installation Guide

43

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Database Server The host name of your database server.


Note: If you changed the Instance Name when
installing SQL Server, you must add the Instance
Name for McAfee Vulnerability Manager to
function properly. See Changing the SQL Instance
Name (page 47).
Faultline
Password

The password to the Faultline database. The


password is encrypted. The maximum password
length is 128 characters.

Database
Installation
Type

Select to install a new McAfee Vulnerability


Manager database or upgrade an existing
McAfee Vulnerability Manager database.

Force protocol
encryption on
DB server

Select this checkbox only to accept encrypted


traffic to the database. If you are installing a
new, fresh database and are only using the
database for McAfee Vulnerability Manager 7.5,
McAfee recommends turning this on to protect
the data between the scan controller and the
database.

Use DNS name


to identify
assets

Select this checkbox to have McAfee


Vulnerability Manager use the DNS name to help
identify your assets. DNS names generally do
not change, so they can be used as unique
identifiers for your assets.
If DNS names change in your environment, do
not select this option.

Create New
Organization
Name

The name of the organization to be created


when McAfee Vulnerability Manager is installed.

New
Organization
Administrator
Password

The password of the Root Organization


Administrator to be created when McAfee
Vulnerability Manager is installed.

Set Global
Admin
Password

The password of the Global Administrator to be


created when McAfee Vulnerability Manager is
installed.

Program
Location

The installation path for the McAfee Vulnerability


Manager product.

Reports
Location

The folder location where your reports are


saved.

Configuration
Manager Server

The IP address, NetBIOS name, or DNS name


for the configuration manager.

Configuration
Manager Port

The port number used to communicate with your


configuration manager server. The default port
number is 3801.

McAfee Vulnerability Manager 7.5 Installation Guide

44

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Login information
The Global Administrator and the Organization Administrator (for the organization you created when
installing the product) have some predefined login information.

Global Administrator:

Organization name: fsglobal

User name: globaladmin


Organization Administrator (for the organization you created during installation):

User name: Administrator

Hiding a Microsoft SQL Server 2005 instance


If you are required to remove the TCP information regarding database instances in Microsoft SQL
Server 2005, use the following steps before you install McAfee Vulnerability Manager.
Note: This solution changes the TCP listening port of Microsoft SQL server to 2433. Applications that
require SQL connections and/or access control lists might need to be reconfigured.
1

Select Start | All Programs | Microsoft SQL Server 2005 | Configuration Tools | SQL
Server Configuration Manager.

Select an Instance to hide.

Select TCP/IP under Enabled Protocols.

Select Properties. The TCP/IP properties dialog box is displayed.

Select Hide Server.

Click OK. The TCP/IP properties dialog box closes.

Click OK. The Server Network Utility closes.

Restart the system.

Run McAfee Vulnerability Manager setup.

10 When prompted for the database server name, use the format server, 2433. If you are
upgrading McAfee Vulnerability Manager, on the Installation Settings step, double-click the
Database Server.

Figure 7: Installation settings

McAfee Vulnerability Manager 7.5 Installation Guide

45

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Hiding a Microsoft SQL Server 2008 instance


If you are required to remove the TCP information regarding database instances in Microsoft SQL
Server 2008, use the following steps before you install McAfee Vulnerability Manager.
Note: This solution changes the TCP listening port of Microsoft SQL server to 2433. Applications that
require SQL connections and/or access control lists might need to be reconfigured.
1

Select Start | All Programs | Microsoft SQL Server 2008 | Configuration Tools | SQL
Server Configuration Manager.

Select SQL Server Network Configuration.

Right-click an instance and select Properties.

Select Hide.

Select Yes from the drop-down list.

Click OK. A message states that the service must be stopped and restarted.

Click OK.

Restart the system.

Run McAfee Vulnerability Manager setup.

10 When prompted for the database server name, use the format server, 2433. If you are
upgrading McAfee Vulnerability Manager, on the Installation Settings step, double-click the
Database Server.

Figure 8: Installation settings

McAfee Vulnerability Manager 7.5 Installation Guide

46

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Changing the SQL instance name


If you change the instance name when installing SQL Server, there are some extra configuration steps
you must do to ensure that McAfee Vulnerability Manager functions properly.
Note: If you installed SQL Server and accepted the Default Instance Name, you do not have to do
these steps.

McAfee Vulnerability Manager components


When installing McAfee Vulnerability Manager components that communicate with the database, you
must modify the Database server setting during the installation process of the McAfee Vulnerability
Manager component. On the Installation Settings step, modify the database server settings.

Figure 9: Selecting the database


1

Double-click Database Server.

Click Modify.

Type the host name or IP address, type a backslash and type the instance name
For example: ORCHID\Accounting or xxx.xxx.xxx.xxx\Accounting
To add a port number, type a comma and the port number.
For example: ORCHID\Accounting,1533 or xxx.xxx.xxx.xxx\Accounting,1533

McAfee Vulnerability Manager 7.5 Installation Guide

47

Installing on Multiple Servers


McAfee Vulnerability Manager 7.5 installation

Note: Although <Server Name>,<port> is a valid SQL Server reference when using a named
instance, this is not a valid reference for McAfee Vulnerability Manager. The instance name must
be included for McAfee Vulnerability Manager to function properly.

Figure 10: Modifying the database connection information


4

Type and confirm a user password

Click Next

Finish the installation process

Configuration manager
The configuration manager might not accurately report the state of the SQL Server, or might fail to
control (start, stop) the service correctly. See McAfee KnowledgeBase article KB 54440 for information
on resolving this problem.

McAfee Vulnerability Manager 7.5 Installation Guide

48

Uninstalling McAfee Vulnerability Manager


Uninstalling a previous version of McAfee Vulnerability Manager

Uninstalling McAfee Vulnerability


Manager
Whether you are uninstalling McAfee Vulnerability Manager 7.5 or a previous version, these steps
show how to ensure that the product is removed. This is particularly useful when you want to run a
"clean" installation, ensuring that settings from previous versions do not interfere.
Note: The migration process retains any modifications you have made to the php.ini or config.ini
settings on the enterprise manager, even though it creates a backup copy. See "Merging the
config.ini and php.ini files" (see "Merging the config.ini and php.ini files" on page 74) for more
information.

Uninstalling a previous version of McAfee Vulnerability


Manager
You do not need to uninstall a previous version before installing McAfee Vulnerability Manager 7.5.
1

On each server running a McAfee Vulnerability Manager component, go to the Windows Control
Panel and open Add/Remove Programs.

Select the version of McAfee Vulnerability Manager you want to remove and click Remove.

If any files are in use while being uninstalled, the program opens the Services window so you can
stop any product services still running, then the uninstall completes.

Caution: Do not delete the registry settings on any scan engine without having a good backup of the
McAfee Vulnerability Manager registry settings. Doing so can cause database objects to become
orphaned because the registry contains a unique identifier that ties the scan engine to the data.
If you must delete the registry settings for any reason, contact customer support for help on restoring
the database to the proper scan engine.
McAfee Vulnerability Manager 7.5 depends upon the following registry keys from previous versions.
For Windows 2003:

HKEY_CURRENT_USER\SOFTWARE\Foundstone

HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone

For Windows 2008 R2:

HKEY_CURRENT_USER\SOFTWARE\Foundstone

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone

McAfee Vulnerability Manager 7.5 Installation Guide

49

Uninstalling McAfee Vulnerability Manager


Do NOT remove registry keys

Do NOT remove registry keys


Caution: Do not delete the registry settings on any scan engine without backing up the settings.
Deleting McAfee Vulnerability Manager registry settings cause database objects to become orphaned
because the registry contains a unique identifier that link the scan engine to the data.
If you must delete the registry settings for any reason, contact customer support for help on restoring
the database to the proper scan engine.
McAfee Vulnerability Manager 7.5 looks for the following registry keys from previous versions.
For Windows 2003:

HKEY_CURRENT_USER\SOFTWARE\Foundstone

HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone

For Windows 2008 R2:

HKEY_CURRENT_USER\SOFTWARE\Foundstone

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone

McAfee Vulnerability Manager 7.5 Installation Guide

50

Configuring Your Servers


McAfee Vulnerability Manager Update

Configuring Your Servers


After McAfee Vulnerability Manager is installed, configure your servers to prepare them for use.

McAfee Vulnerability Manager Update


McAfee Vulnerability Manager Update lets you manually or automatically update McAfee Vulnerability
Manager 7.5 with new program updates and vulnerability checks from McAfee. Update runs on the
scan controller server. Running unattended, it automatically checks the McAfee update server for new
information, downloads it, and updates the database.
Note: If you are running more than one scan controller, only one needs to run McAfee Vulnerability
Manager Update. The other scan controllers automatically detect updates in the database and
retrieves the appropriate information.
The latest information can include the following:

FSL scripts, templates and vulnerability checks


Threat Intelligence updates
Operating System fingerprints and identifiers
McAfee Vulnerability Manager 7.5 program updates
Language Pack updates
McAfee standard SCAP updates

Before you begin

If the scan controller is running on a different server than the database, you must install SQL
Client Tools on the server to allow McAfee Vulnerability Manager Update to pass the information to
the database.

Procedures
McAfee Vulnerability Manager Update lets you do the following tasks:

Set up automatic updates


Manually check for updates
Type your McAfee Vulnerability Manager user name and password

McAfee Vulnerability Manager 7.5 Installation Guide

51

Configuring Your Servers


McAfee Vulnerability Manager Update

Set up a proxy server (see "Adding proxy information for connecting to the update server" on
page 54)

Figure 11: McAfee Vulnerability Manager Update program - showing options

McAfee Vulnerability Manager update settings


Option

Description

Check for Updates

Click to connect to the update server and search for


the latest updates. If an update is found, it
automatically downloads and installs itself.

License Usage

Shows the number of live IP addresses you have


scanned.

Licensed For

Shows the number of IP addresses you are allowed to


scan, according to your license.

Options

Click to open the update program options.

Username

Type the user name that McAfee sent you. This is the
user name you used to access the McAfee download
files.

Password

Type the password associated with the McAfee user


name.
McAfee Vulnerability Manager 7.5 Installation Guide

52

Configuring Your Servers


McAfee Vulnerability Manager Update

Option

Description

Proxy server
requires
authentication

If you use a proxy server to access the update


server, select this checkbox. Otherwise leave this box
unchecked.

Username (proxy)

If you use a proxy server to access the update


server, type the user name for the proxy server.

Password (proxy)

Type the password for the proxy server.

Use secure
connection

Select this option to connect to the update server


over a secure connection.

Digital Security
Mode

Select an option for validating the update content


files.
Automatic McAfee Vulnerability Manager checks
that the downloaded update package has been signed
with the appropriate certificate. If the certificate is
valid, the update is executed.
Interactive You are prompted to validate the
publisher and select to Run or Don't Run the update
package.
Disabled McAfee Vulnerability Manager doesn't
validate that the update package has the appropriate
certificate. Selecting this option displays a warning
message that this option is not recommended.

Selected item will


be checked for
updates every x
day(s) x hour(s)

Type the number of days and hours to wait before the


next update check.

Setting up McAfee Vulnerability Manager Update


McAfee Vulnerability Manager Update uses secure HTTPS communication (TCP port 443) to download
new updates from McAfee. The first time you run it, you are prompted to type your user name and
password to connect to the McAfee Vulnerability Manager update server. (This is the user name
provided by McAfee.)
Once you have typed the user name and password, select the items you want to download. You can
specify the amount of time that should pass before McAfee Vulnerability Manager Update checks
again. Once this is set, the update program automatically checks for downloads according to the
specified time. You must leave the update program running to allow automatic updates.
The first time you run the update program, you need to type your user name and password to
connect to the McAfee Vulnerability Manager update server. Once you've typed this information, the
update program uses it to automatically check for updates.

McAfee Vulnerability Manager 7.5 Installation Guide

53

Configuring Your Servers


McAfee Vulnerability Manager Update

On the scan controller, select Start | All Programs | Foundstone | Update McAfee
Vulnerability Manager.

Click Options.

Type the user name and password you received from McAfee.

Click Check for Updates.

Watch the status area for update information.


If the status window shows that the update failed, make sure that you have properly entered your
user name and password. McAfee requires the proper authentication to the update server before
you can download any updates.

To automatically check for updates, select the checkbox each package to update.

Type the number of hours to wait between update checks.

Leave the McAfee Vulnerability Manager Update program running. If you decide to exit, the
program warns you that it must continue running if you want to automatically check for McAfee
updates.

Select Proxy server requires authentication if updates are accessed using a proxy server.

10 Type the user name and password required to authenticate to your proxy server.

Adding proxy information for connecting to the update server


McAfee Vulnerability Manager Update reads the settings from Microsoft Internet Explorer to obtain the
proxy web address and port to be used.
1

Open Microsoft Internet Explorer.

Select Tools | Options.

Click the Connections tab.

Click LAN Settings.

In the Local Area Network (LAN) Settings dialog box, select Use a proxy server for your
LAN....

Type the address and port settings.

Click OK.

Running McAfee Vulnerability Manager Update as a service


You can run McAfee Vulnerability Manager Update as a native Win32 service. The default installation
of the scan controller configures the McAfee Vulnerability Manager Update service parameters but
does not enable it to run automatically.
Note: If you have previously enabled FSUpdate to run via the Start menu Startup folder, remove it
from the folder to prevent running more than one copy of FSUpdate.
1

Select Start | Administrative Tools | Services.

Double-click Foundstone Update Service Proxy.

Under Service Status, click Start. If the service is disabled, change the Startup type to
Manual, then click Apply.

To automatically start the update service, change the Startup type to Automatic, then click
Apply.

To see the update user interface when it is running, click the Log On tab.

Select Local System Account and select Allow service to interact with desktop.

Click OK.
McAfee Vulnerability Manager 7.5 Installation Guide

54

Configuring Your Servers


McAfee Vulnerability Manager Update

Troubleshooting the McAfee Vulnerability Manager Update service


Certain settings or circumstances can prevent the McAfee Vulnerability Manager Update service from
running properly. When you install McAfee Vulnerability Manager, the FSUpdate service is configured
automatically. If the settings have been altered manually or the service was not installed by the
product installer, you can reinstall any scan controller to reinstall the McAfee Vulnerability Manager
Update service.

Verifying that the correct service is being started


Use the following task to make sure that the correct service is being started.
1

If the service is currently running, stop it from the services control panel. To do this, select Start
| Settings | Control Panel, double-click Administrative Tools, then double-click Services.
(You can also right-click My Computer and select Manage from the shortcut menu.) Locate
Foundstone Update Service proxy and click Stop.

Locate the FSUpdateService.exe file and launch it. A small window appears at the bottom right
of the screen.

Ensure that the edit field labeled Command line to start the application is pointing to the
correct location of the FSUpdate.exe program.

Ensure that the parameter to this path is "-service" (for example, C:\Program
Files\Foundstone\FSupdate.exe -service).

Click Apply (if needed) and close the application.

Reinstalling the FSUpdate Service


Use the following task to reinstall the update service.
1

On the scan controller server, locate the FSUpdateService.exe program (usually c:\Program
Files\Foundstone).

Open a command prompt window; select Start | Run and type cmd.

Navigate to the directory containing the FSUpdateService.exe program and type:


FSUpdateService -install. The file is stored in the installation directory (usually c:\program
files\Foundstone).

This procedure does not show anything on the computer screen. Once you run it, the program silently
reinstalls the service.
Note: If the FSUpdateService install process shows an error that the service is already installed,
disregard the error.

Verifying that the local account is running the service


Ensure that the Foundstone Update Service proxy Log on as checkbox is set to Local System
account.
1

Select Start | Run.

Type services.msc, then click OK.

Double-click Foundstone Update Service Proxy and click the Log On tab.

Make sure that the Local system account is selected.

Make sure that Allow service to interact with desktop is selected.

Click OK.

Note: The FSUpdate icon might not always appear in the system tray area, but the process can still
be running.

McAfee Vulnerability Manager 7.5 Installation Guide

55

Configuring Your Servers


Register McAfee Vulnerability Manager 7.5

Register McAfee Vulnerability Manager 7.5


McAfee Vulnerability Manager 7.5 comes with a trial license so you can try the full product for 60 days
within your enterprise (unlimited IP range). After the trial period, you must register McAfee
Vulnerability Manager 7.5 to continue using it.
Note: You must send the registration request from the computer that runs the API server.

Sending a registration request to McAfee


Before you can activate McAfee Vulnerability Manager, you must send a registration request to
McAfee. Your activation information is sent to you in an email.
1

Select Start | All Programs | Foundstone | Register McAfee Vulnerability Manager.

In the registration program, select a network card to bind to the registration.


The network cards are listed in a drop-down box at the bottom of the McAfee Registration Key
group.

Figure 12: McAfee Vulnerability Manager Registration


3

Click Generate to create a unique registration key. The key appears in the text box.
If a key already exists in the textbox, click Clear to remove it before clicking Generate.

Click Website to open a browser and connect to the Foundstone Registration Website.

Type your registration information and click Submit Registration.

Organization - Type your organization or company name.

Grant Number - Type your grant number.

Contact Person - Type your own name, or the name of the person responsible for contacting
McAfee regarding the product.

Telephone - Type the contacts phone number.


McAfee Vulnerability Manager 7.5 Installation Guide

56

Configuring Your Servers


Enable notifications

Your Email - Type the contacts email address.


Salesperson - Type the name of the McAfee Vulnerability Manager Sales Representative that
you normally work with.
Computer Name - Type the NetBIOS name of the computer running the product.
Product Type - Select Foundstone Enterprise Evaluation if you are evaluating McAfee
Vulnerability Manager 7.5. Select Foundstone Enterprise License if you have purchased
McAfee Vulnerability Manager 7.5.
Request Hash - Do not change this information. It is the key that was generated on your
computer.
Address Pool - Type the IP addresses you are allowed to scan. Your license is bound to these
ranges.
Notes - Type any notes that you need to send with your request.

Activate McAfee Vulnerability Manager 7.5


Before you can use McAfee Vulnerability Manager, you must activate the product with your activation
key, which you received via email.
1

Select Start | All Programs | McAfee Vulnerability Manager | Register FoundScan.

Type the activation key (unlock code) you received.

Click Register Now to complete the registration process.


If you have any questions or problems with this process, contact McAfee Technical Support.

Enable notifications
The McAfee Vulnerability Manager Notification Service adds SNMP and email integration for ticketing
and scan related events, as well as system status, such as FCM updates available. Tickets are used to
manage and track vulnerabilities in systems within your corporate network. The ticketing system is
available through the enterprise manager and is integrated with other functions of the system, for
example, asset management.

Enabling SNMP notifications


Use the SNMP Settings section of the Notification Settings page to specify the SNMP manager and
agent.

Figure 13: Notification settings SNMP settings

McAfee Vulnerability Manager 7.5 Installation Guide

57

Configuring Your Servers


Enable notifications

Log on to the enterprise manager as a Global Administrator.

Select Manage | Notifications.

Select Enable SNMP Notifications to enable SNMP notifications.

Complete the remaining information, specifying the SNMP version, and incoming and outgoing
SNMP settings.

SNMP general settings


Option

Description

SNMP Version

Select 1 or 2c from the SNMP version list.

Community
String

Type the SNMP community string.

Throttle

Select the maximum number of messages per second


from the Throttle list.

Incoming SNMP settings


Option

Description

Address

Type the listening IP address, fully qualified domain


name, or host name of the SNMP agent that is to
receive incoming SNMP messages from an external
SNMP manager.

Port

Type the listening port number.

Senders List

Type the names of authorized senders of SNMP


messages. For example, you might want to type the
name of the outgoing SNMP management node here, so
that the McAfee Vulnerability Manager Notification
Service listens to messages sent by that SNMP
management node.
If you do not type a name in this field, no messages are
processed by the McAfee Vulnerability Manager
Notification Service.

Add

Click this button to add the name in the Senders List.

Remove

Select a name from the Senders List and click this


button to remove the name from the list.

Allow Verify
Vulnerability

Select if you want McAfee Vulnerability Manager to


respond to SNMP trap messages requesting verification
of a vulnerability.

Outgoing SNMP settings


Option

Description

Address

Type the IP address, fully qualified domain name, or


host name of the SNMP management node McAfee
Vulnerability Manager sends SNMP messages to.

Port

Type the port number of the SNMP management node.

McAfee Vulnerability Manager 7.5 Installation Guide

58

Configuring Your Servers


Enable notifications

Enabling email notifications


Use the Email Settings section of the Notification Settings page to specify the email server settings.
Note: If you have McAfee VirusScan Enterprise On-Access Scanner enabled, the McAfee Vulnerability
Manager Notification service fails to connect to your email server. To receive email notifications,
exclude the Notification service from VirusScan Enterprise. See Using McAfee VirusScan Enterprise
8.0i and later (on page 80).

Figure 14: Notification Settings Email Settings


1

Log on to the enterprise manager as a Global Administrator.

Select Manage | Notifications.

Select Enable Email Notifications to enable email notifications.

Complete the remaining information, specifying the email server address, and the email addresses
of the sender/recipient.

Note: Email notifications for updates applied via the McAfee Vulnerability Manager Configuration
Manager are sent to the address listed for McAfee Vulnerability Manager Operations. If you
have enabled email notifications in the configuration manager Preferences, be sure to include an
email address in the McAfee Vulnerability Manager Operations field.

Email server
Option

Description

Address

Type the address of the mail server. Use either the IP


address, fully qualified domain name, or host name of
the server (up to a maximum of 256 characters).

Port

Type the port number of the mail server to which


notification messages are to be sent.

McAfee Vulnerability Manager 7.5 Installation Guide

59

Configuring Your Servers


Enable notifications

Option

Description

Server Requires
Authentication

Select this checkbox to log on to the mail server with a


user name and password.

Username

Type the user name required to log onto the mail


server. The user name can be up to 64 characters long.

Password

Type the password associated with this user name. The


password can be up to 128 characters long.

Email messages
Option

Description

Header Message

Optional. Type your organization security banner here.


While McAfee Vulnerability Manager 7.5 controls the
bodies of these messages, you can configure an
opening statement as needed. For example, you could
include internal contact information or policy notices.
The maximum number of characters allowed is 256.
The email header message can include alphanumeric
characters plus underscores, periods, parentheses,
hyphens, spaces, commas, slashes (/), and colons.

Footer Message

Optional. While McAfee Vulnerability Manager 7.5


controls the bodies of these messages, you can
configure a closing statement as needed. For example,
you could include internal contact information or policy
notices.
The maximum number of characters allowed is 256.
The email footer message can include alphanumeric
characters plus underscores, periods, parentheses,
hyphens, spaces, commas, slashes (/), and colons.

Event and Address Settings


The following settings apply to each notification type: Ticket Integration, McAfee Vulnerability
Manager Operation, User Remediation, and User Scan Status.
Option

Description

From Name

Type the name of the sender. This is the person or


organization that the email appears to be coming from.
Use up to 64 characters.

From Address

Type the email address of the person or organization


sending the email. If the recipient replies, the reply is
sent to this email address. Use up to 256 characters
using a proper format (for example,
first.last@yourcompany.com).

To Name

Type the name of the person or organization receiving


the notification email for this type. Use up to 64
characters.

McAfee Vulnerability Manager 7.5 Installation Guide

60

Configuring Your Servers


Add the enterprise manager trust site certificate

To Address

Type the email address of the recipient that is to


receive event notifications. Use up to 256 characters
using a proper format (for example,
first.last@yourcompany.com).

Hardening your servers


McAfee recommends that you take security measures to harden the systems running McAfee
Vulnerability Manager 7.5. Follow your company hardening policies. McAfee Vulnerability Manager also
provides a Hardening Guide, available from McAfee Technical Support. Here are some suggestions that
can help secure your servers.

Update your servers with the latest patches


Prior to hardening an IIS server, verify that the latest security fixes and patches have been installed
on the IIS server. This can be verified by running Hfnetchk.exe. Download it from Shavlik Security
products.
Microsoft also provides security updates and patches, although its coverage is not the same as
Hfnetchek's. Microsoft has provided the Windows Critical Update Notification Utility to ensure
that critical updates are announced. The instructions for installing this tool are located on the
Microsoft website.
Qchain chains hot-fixes together to allow several fixes to be installed at once, reducing the number of
system restarts required. More information is available from Microsoft.

Setting up SSL
McAfee Vulnerability Manager 7.5 installs and uses default SSL Certificates to communicate between
its servers. The installation program creates the certificates and installs them. However, canned
certificates are vulnerable to spoofing, which could allow someone to see the information as it is sent
between servers.
To increase the security, and to add authentication to the SSL Certificates, you must set up
customized SSL Certificates. The necessity of using customized SSL Certificates varies widely from
company to company.
If you decide to use customized SSL Certificates, McAfee Vulnerability Manager provides the McAfee
Vulnerability Manager Configuration Manager, a separate program that you can use to create custom
SSL certificates (this tool also manages updates to the McAfee Vulnerability Manager components).
For more information, refer to the configuration manager online help or the product guide.

Add the enterprise manager trust site certificate


A certificate error occurs when using Internet Explorer 8.0 or 9.0. This results in Internet Explorer
blocking the enterprise manager. Adding the enterprise manager to the trusted sites list does not
resolve this issue.
To add the enterprise manager certificate to Microsoft Internet Explorer 8.0 or 9.0, review the
following requirements.

McAfee Vulnerability Manager 7.5 Installation Guide

61

Configuring Your Servers


Add the enterprise manager trust site certificate

The portal address in the CONFIG.INI file must match the FQDN, NetBIOS, or IP address used in
the SSL certificate for the enterprise manager. See Check the server_name in the CONFIG.INI file
(page 62).
.Net 2.0 or 3.0 must be installed on each user system accessing the enterprise manager.
Use the Installing the McAfee Vulnerability Manager Trust Site certificate (page 62) task on each user
system accessing the enterprise manager.

Check the server_name in the CONFIG.INI file


Use this task to ensure the server_name in the CONFIG.INI file matches the FQDN, NetBIOS name, or
IP address used in the SSL certificate.
1

Open configuration manager.

Expand the Foundstone SSL Certificates and select the SSL certificate issued to the enterprise
manager.
Example: myhost.domain.com.

In the Subject information, under Certificate Summary, find the FQDN, NetBIOS, or IP address.
This is the information after CN=.

On the server running the enterprise manager, open the CONFIG.INI file.
The default location in Microsoft Windows 2003 is: C:\Program Files\Foundstone\Portal\include.
The default location in Microsoft Windows 2008 R2 is: C:\Program Files
(x86)\Foundstone\Portal\include.

Make sure the server_name matches the FQDN, NetBIOS name, or IP address used in the SSL
certificate.

Save the CONFIG.INI file.

Installing the McAfee Vulnerability Manager Trust Site Certificate


McAfee Vulnerability Manager allows you to install a product-specific Trust Certificate.
1

Double-click the Enterprise Manager icon. The McAfee Vulnerability Manager logon page
appears.
Note: If necessary, add the enterprise manager to the Trusted Sites list.

Click Trust Site Certificate. A warning message appears.

Click Yes. An import successful message appears when the certificate import is completed.

Click Quit.

Close Microsoft Internet Explorer.

Double-click the Enterprise Manager icon.

McAfee Vulnerability Manager 7.5 Installation Guide

62

Upgrading to McAfee Vulnerability Manager 7.5


Add the enterprise manager trust site certificate

Upgrading to McAfee Vulnerability


Manager 7.5
This product supports upgrading from McAfee Vulnerability Manager version 6.8 or 7.0 to McAfee
Vulnerability Manager 7.5.
If you are upgrading a system that meets the system requirements (see "System Requirements and
Architectures" on page 9), you can upgrade directly to McAfee Vulnerability Manager 7.5. If you need
to upgrade your operating system or your SQL server, you must take additional steps, including
backing up your McAfee Vulnerability Manager database.
Caution: Backing up your database is recommended before doing any upgrades.
Note: McAfee Vulnerability Manager components require an internet protocol version 4 (IPv4)
address to properly communicate. Systems running product components must have an IPv4 address
and can have an IPv6 address to facilitate scanning IPv6 targets.
If you are upgrading the operating system and the database, you need to do the following:
1

Back up your existing database (Faultline).

Back up your McAfee Vulnerability Manager Windows Registry settings.

Upgrade the Windows operating system.

Upgrade the Microsoft SQL database.

Restore the McAfee Vulnerability Manager Windows Registry settings.

Restore the database (Faultline).

Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.

Upgrade to McAfee Vulnerability Manager 7.5.

Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.

10 Users should clear their web browser cache to ensure updated pages display properly.
If you are upgrading the operating system on the server running the database to Microsoft Windows
Server 2008 R2, you need to do the following:
1

Back up your existing database (Faultline).

Back up your McAfee Vulnerability Manager Windows Registry settings.

Upgrade the Windows operating system.

Restore the McAfee Vulnerability Manager Windows Registry settings.

If necessary, restore the database (Faultline).

Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.

Upgrade to McAfee Vulnerability Manager 7.5.

Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.

Users should clear their web browser cache to ensure updated pages display properly.
McAfee Vulnerability Manager 7.5 Installation Guide

63

Upgrading to McAfee Vulnerability Manager 7.5


Add the enterprise manager trust site certificate

If you are upgrading the database only (not the OS), you need to do the following:
1

Back up your existing database (Faultline).

Back up your McAfee Vulnerability Manager Windows Registry settings.

Upgrade the Microsoft SQL database.

Restore the database (Faultline).

Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.

Upgrade to McAfee Vulnerability Manager 7.5.

Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.

Users should clear their web browser cache to ensure updated pages display properly.

If you attached your database to a server that does not have McAfee Vulnerability Manager installed:
1

Run the McAfee Vulnerability Manager installer.

Select the McAfee Vulnerability Manager components you want to install on the server.

On the McAfee Vulnerability Manager - Installation Settings page, double-click Database


installation type = Create New.

Select Upgrade an existing database, then click Next.


The McAfee Vulnerability Manager 7.5 installation program might not recognize the attached
database because McAfee Vulnerability Manager has not been installed on this server.

Continue with the upgrade installation.

If you moved your database to a different server, when you upgrade the server that formerly hosted
your database:
1

Run the McAfee Vulnerability Manager installer.

Select the McAfee Vulnerability Manager components you want to install on the server.

On the McAfee Vulnerability Manager - Installation Settings page, double-click Database


server = server_name.

Type the host name or IP address of the server hosting the database.

Type the McAfee Vulnerability Manager user password and then click Next.

Continue with the upgrade installation.

If you are upgrading the enterprise manager or a scan engine to Microsoft Windows Server 2008 R2,
you need to do the following:
Note: If the database is installed with any other McAfee Vulnerability Manager component, you must
follow the steps for upgrading the database.
1

Back up your McAfee Vulnerability Manager Windows Registry settings.

Upgrade the Windows operating system.

Restore the McAfee Vulnerability Manager Windows Registry settings.

Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.

Upgrade to McAfee Vulnerability Manager 7.5.

Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.

Users should clear their web browser cache to ensure updated pages display properly.
McAfee Vulnerability Manager 7.5 Installation Guide

64

Upgrading to McAfee Vulnerability Manager 7.5


Back up the SQL server database using SQL Server Management Studio

Back up the SQL server database using SQL Server


Management Studio
Before performing an upgrade, create a backup of your McAfee Vulnerability Manager database in
case you need to restore it after the upgrade.
1

Open SQL Server Management Studio. To do this, select Start | All Programs | Microsoft SQL
Server | SQL Server Management Studio.

Connect to the server by providing the proper authentication.

Expand the Databases in the Object Explorer.

Right-click the Faultline database and select All Tasks | Backup Database from the shortcut
menu.

Figure 15: SQL Enterprise Manager Getting to the Backup menu


5

In the Back Up Database dialog box, the backup destination is entered automatically.
To add a different location, click Add to specify where to create the backup file.

McAfee Vulnerability Manager 7.5 Installation Guide

65

Upgrading to McAfee Vulnerability Manager 7.5


Backing up the Windows registry

Optionally, in the Back up Database dialog box, select Options and select Verify Backup on
finished to have SQL ensure that the backup is correct.

On the Back up Database dialog, click OK to begin the backup process.


A message appears when the backup is complete.

Figure 16: SQL Backup - complete

Backing up the Windows registry


1

Open the Windows Registry. To do this, select Start | Run. Type regedit as the name of the
program to run, and click OK.

Back up the registry keys, from the following locations in Microsoft Windows Server 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\FOUNDSTONE\, and
HKEY_CURRENT_USER\SOFTWARE\FOUNDSTONE.

Back up the registry keys, from the following locations in Microsoft Windows Server 2008 R2:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FOUNDSTONE\, and
HKEY_CURRENT_USER\SOFTWARE\FOUNDSTONE.
McAfee Vulnerability Manager 7.5 Installation Guide

66

Upgrading to McAfee Vulnerability Manager 7.5


Upgrading Microsoft SQL Server 2000

Select File | Export.

Type a file name for the registry backup file, and select the folder where you want to save it.

Click OK.

Upgrading Microsoft SQL Server 2000


Caution: Before you can upgrade Microsoft SQL Server 2000, you must remove the existing registry
values for SQL certificates or you cannot install the database.

Modifying registry values


1

Open the Registry Editor.


The registry location of the SQL Server (for a default instance) is:
HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib.
Note: For a named instance of the SQL Server, the values are under the key:
HKLM\Software\Microsoft\Microsoft SQL
Server\INSTANCENAME\MSSQLServer\SuperSocketNetLib.

Right-click Certificate and select Rename.

Rename Certificate to Certificate_.

Right-click Encrypt and select Rename.

Rename Encrypt to Encrypt_.

Close the Registry Editor.

Install Microsoft SQL 2005 or Microsoft SQL 2008 R2. A system restart might be required after
installation.

Install the latest service pack for Microsoft SQL Server. If necessary, restart the server.

Install McAfee Vulnerability Manager 7.5. Once the McAfee Vulnerability Manager 7.5 installation is
complete, you must restart the system.

10 After the system restarts, McAfee Vulnerability Manager 7.5 prompts you for database logon
information. Just close this dialog box.
Note: After McAfee Vulnerability Manager 7.5 is installed and running, you should redistribute
the certificates to turn encryption on for communication between the database and the scan
engine.

Redistributing certificates
1

Open configuration manager console.

Select Tools | Recreate Certificate Authority.

Change the name of the CA.

Select Recreate Certificate Authority.

Once the certificates are distributed to the database, encryption is enabled. You can now start the
scan controller(s) without being prompted for any database information.

Changing the compatibility level of an upgraded SQL Server 2000 database


After upgrading SQL Server 2000, you must change the database compatibility level.

McAfee Vulnerability Manager 7.5 Installation Guide

67

Upgrading to McAfee Vulnerability Manager 7.5


Microsoft SQL server 2005 installation settings

Select Start | All Programs | Microsoft SQL Server | SQL Server Management Studio.

Connect to the appropriate Database Engine server in the Object Explorer.

Open the Database node.

Right-click on the database.


The default name is Faultline.

Select Properties.

Select Options under Select a Page.

Select SQL Server 2005(90) from the Compatibility Level list for Microsoft SQL 2005.
Select SQL Server 2008(100) from the Compatibility Level list for Microsoft SQL 2008.

Click OK.

Microsoft SQL server 2005 installation settings


The following table shows the page names and recommended settings for each step of the installation.
These settings are based on a typical Microsoft SQL Server 2005 installation.
If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2005, go to Upgrading
Microsoft SQL Server 2000 (page 67).
Note: During installation, the database name is not automatically added to the database field on the
Database Administrator page. You must type in the database name or the instance name.

SQL server installation suggested settings


Use the following settings to configure your SQL Server.
Installation Page

Setting

Components to
Install

Select SQL Server Database Services and the


Workstation components, Books Online and
development tools.

Instance Name

Select Default instance.


Note: It is possible to give the instance a name. You
must type this instance name when installing other
McAfee Vulnerability Manager components. See
Changing the SQL Instance Name (page 47).

Service Account

Select Use the built-in System account, then


select Local system from the list.
Select SQL Server under Start services at the
end of setup.

McAfee Vulnerability Manager 7.5 Installation Guide

68

Upgrading to McAfee Vulnerability Manager 7.5


Microsoft SQL server 2008 and 2008 R2 installation features

Authentication Mode

Select Mixed mode. This mode is required to create


or upgrade the database. See Changing the Database
Authentication Settings (on page 77) for information on
how to change this setting later.
Create a password for the SA account. The
maximum password length is 128 characters.
Important: Remember this password. You need it when
you install the McAfee Vulnerability Manager
Configuration Manager, scan controller, API server,
notification service, data synchronization service, and
report engine.

Collation Settings

Accept the defaults.

Error and Usage


Report Settings

Accept the defaults (none selected).

After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.

Changing the Microsoft SQL memory settings


Change the memory settings for Microsoft SQL Server to optimize performance for McAfee
Vulnerability Manager.
1

Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.

Log on to SQL Server Management Studio.

Right-click the server and select Properties.

Select Memory.

Change the Maximum Server Memory to two-thirds the maximum server memory.

Click OK.

Microsoft SQL server 2008 and 2008 R2 installation


features
The following lists show the recommended and minimum Microsoft SQL Server 2008 and 2008 R2
features for using McAfee Vulnerability Manager.
Note: If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2008, go to
Upgrading Microsoft SQL Server 2000 (page 67).

SQL server installation (recommended)

Database Engine Services, including all sub-features


Client Tools Connectivity
Client Tools Backward Compatibility
SQL Server Books Online
Management Tools (complete)

McAfee Vulnerability Manager 7.5 Installation Guide

69

Upgrading to McAfee Vulnerability Manager 7.5


Restoring the McAfee Vulnerability Manager database

SQL server installation (minimum)

Database Engine Services


Client Tools Connectivity
Client Tools Backward Compatibility

After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.

Restoring the Windows registry


If you move or restore a McAfee Vulnerability Manager system, you must restore backed up product
registry settings. The McAfee Vulnerability Manager registry settings contain a unique identifier for the
scan engine.
1

Open the Windows Registry. To do this, select Start | Run. Type regedit as the name of the
program to run, and click OK.

Select File | Import.

Select the file that contains your McAfee Vulnerability Manager Windows Registry settings.

Click OK to restore registry settings.

Restoring the McAfee Vulnerability Manager database


If you move or restore a McAfee Vulnerability Manager system, you need to restore a database
backup. McAfee also recommends that you regularly test a database backup for integrity.
1

Stop all scan engines using the configuration manager. To do this, open configuration manager,
expand the McAfee Vulnerability Manager tree in the left pane, select a scan engine and click
Stop. You must do this for each scan engine.

Select Start | All Programs | Microsoft SQL Server | SQL Server Management Studio.

Log on to SQL Server Management Studio.

Right-click Databases, then select Restore Database.

In the Restore Database dialog box, type Faultline in the To database field.

McAfee Vulnerability Manager 7.5 Installation Guide

70

Upgrading to McAfee Vulnerability Manager 7.5


Restoring the McAfee Vulnerability Manager database

Figure 17: SQL Server Back up


You do not have to use Faultline as the McAfee Vulnerability Manager database name. If you use a
database name other than Faultline, you must add a string to the
HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone\Foundscan registry key for Microsoft Windows 2003
or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone\Foundscan registry key for
Microsoft Windows 2008 R2. The string must be DBName with the value of the name created for
the McAfee Vulnerability Manager database.
If you use a database name other than Faultline, you should add the DBName registry key to any
system that runs one or more of the following McAfee Vulnerability Manager applications or
services:

Scan controller

API server

Report engine

Notification service

Data synchronization service

Configuration manager
6

Select From device, then click Select Devices.

In the Choose Restore Devices dialog box, click Add.

Type file name and location where the backup files are located, then click OK.

Click OK.

10 If necessary, on the Options tab, you can edit the rows in the Move to physical file name column
to specify the location and names of the physical files of the restored McAfee Vulnerability
Manager database.

McAfee Vulnerability Manager 7.5 Installation Guide

71

Upgrading to McAfee Vulnerability Manager 7.5


Upgrading from a previous version

Figure 18: Restore database


If the database is version 6.0 through 6.8, you can also restore the database by using a T-SQL
script, which might reduce the manual work of changing the physical file locations. See "Restoring
the database using T-SQL" in the McAfee Vulnerability Manager Product Guide.
11 Click OK to begin restoring the database.
12 When the restoring process is complete, a message appears. Click OK to close the message.

Upgrading from a previous version


Upgrade the database first, when possible. Some McAfee Vulnerability Manager components connect
to the database to complete the upgrade process. If you attached your database to a server that does
not have McAfee Vulnerability Manager installed and you want to upgrade your database, there are
some extra steps you must take to properly upgrade your database. See Upgrading to McAfee
Vulnerability Manager 7.5 (on page 63) for more information.
Tip: McAfee recommends that you back up the Faultline database (see "Back up the SQL server
database using SQL Server Management Studio" on page 65) on the computer running the SQL
Server database. It is also recommended that you back up the daily log files on your scan engine.
The log files are named by date and can be found in the Foundstone\Logs folder.
The process for upgrading your scan engines is different from other product components.

After upgrading, the configuration manager automatically updates your engines to McAfee
Vulnerability Manager 7.5. If you have a system running a scan engine and other McAfee
Vulnerability Manager components, when you upgrade this system, you must upgrade the scan
engine, even if the engine has already been updated by the configuration manager. Deselecting
the engine from the upgrade removes the engine and the scan controller from this system.
The McAfee Vulnerability Manager 7.5 installer automatically selects the API server component.
Only install the API server component on one scan engine. Deselect the API server component
when upgrading all other scan engines.
McAfee Vulnerability Manager 7.5 Installation Guide

72

Upgrading to McAfee Vulnerability Manager 7.5


Upgrading from a previous version

Note: When upgrading, multiple active sessions on the server can cause the upgrade to fail. You can
close all running McAfee Vulnerability Manager components using the Task Manager or you can
restart the server.

Upgrading to McAfee Vulnerability Manager 7.5


Use the following task to upgrade the database, enterprise manager, and API server (or primary scan
engine) to McAfee Vulnerability Manager 7.5.
1

Do not uninstall McAfee Vulnerability Manager.

Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.

Notify all users to log off the McAfee Vulnerability Manager system.
Note: If you want to change the password for the Faultline user, you must do it in the SQL
Server Management Studio.

On any McAfee Vulnerability Manager component, run the McAfee Vulnerability Manager 7.5
installation program. The installation program detects McAfee Vulnerability Manager components
already installed on the server. Review the list of selected McAfee Vulnerability Manager
components to upgrade or update the list, if necessary.
The installer terminates all product services before upgrading. If the installer cannot terminate
any of the product services, a message appears asking you to terminate the product service
manually. You must terminate any product services still running before continuing with the
installation.

Make sure that all of your scan engines are online.

On the system where you installed the configuration manager Server, start the configuration
manager Console.

Keep the configuration manager running long enough for all of your scan engines to connect to
the configuration manager server. When the engines have connected, exit the McAfee
Vulnerability Manager Configuration Manager.

On the computer running the database, start the McAfee Vulnerability Manager 7.5 installation
program to upgrade your database. By default, your database is upgraded to McAfee Vulnerability
Manager 7.5. If you want to install a new database, you must modify the Database installation
type on the Installation Settings step of the installation wizard.

On the enterprise manager web server, run the McAfee Vulnerability Manager 7.5 installation
program and install the enterprise manager.

10 On the computer on which you want to run the Notification Module, run the McAfee Vulnerability
Manager 7.5 installation program and install the Notification Module. The Notification Module does
not have to be installed on a system running a McAfee Vulnerability Manager component.
11 On systems that only have a scan engine installed, the scan engine is upgraded automatically by
the McAfee Vulnerability Manager Configuration Manager. Any system with a scan engine and
other McAfee Vulnerability Manager components installed, must be manually upgraded. Verify all
scan engines are upgraded by checking the version of each scan engine in the configuration
manager Console.
During an automatic upgrade, a scan controller is installed with each scan engine. During a
manual upgrade, the scan controller is selected when upgrading a system with a scan engine.
12 Upgrade all other McAfee Vulnerability Manager components.
13 Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.
Once you have upgraded the database and enterprise manager, and installed the Notification Module,
the upgrade process is completed.
McAfee Vulnerability Manager sends updates to some components after the upgrade process is
complete, like sending content updates to the scan engines. In most cases, these updates finish
McAfee Vulnerability Manager 7.5 Installation Guide

73

Upgrading to McAfee Vulnerability Manager 7.5


Upgrading from a previous version

shortly after the upgrade is complete. If there are a large number of scan engines or there is low
bandwidth communication to the scan engines, this update process could take longer. If McAfee
Vulnerability Manager is not functioning properly right after an upgrade, the update process might not
be complete.

Upgrading an All-in-One system


Note: If you are using additional scan engines outside the All-in-One system, see the above
instructions under "Upgrading to McAfee Vulnerability Manager 7.5."
1

Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.

Notify all users to log off the McAfee Vulnerability Manager system.
Note: If you want to change the password for the Faultline user, you must do it in the SQL
Server Management Studio.

Stop and cancel all scan jobs before exiting the API server.

Run the McAfee Vulnerability Manager 7.5 installation program, installing all components.

If SQL server is not running, start the database (see "Starting and stopping the SQL server
database" on page 74).

Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.

Merging the config.ini and php.ini files


During the upgrade process, your existing config.ini and php.ini files are renamed to config.fsorig and
php.fsorig.
If you made any changes to either .ini file, you must manually merge the changed sections into the
new config.ini and php.ini files.
1

Open both the new .ini file and the original (.fsorig) file in Notepad.

Copy the sections from the original file to the new one.

Save the file.

Starting and stopping the SQL server database


Sometimes it might be necessary to stop and restart the SQL Server service.
If you are unable to connect to the database even after entering the correct server name and
credentials, make sure the database is running.

Using the SQL database service

On the database server, you must open the SQL Server Management Studio to check the status of the
SQL server. The server icon in the System Tray has been removed for Microsoft SQL Server 2005 and
2008.
1

Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.

If the database icon shows a red square


shows a green triangle

, right-click the icon and click Start. When the icon

, the database is running.

If the database icon shows a green triangle


shows a red square

, right-click the icon and click Stop. When the icon

, the database has stopped.


McAfee Vulnerability Manager 7.5 Installation Guide

74

Upgrading to McAfee Vulnerability Manager 7.5


Upgrading appliances

Rerunning scans
After upgrading McAfee Vulnerability Manager, some information for existing scans doesn't display
until the scan is run. This includes Scan Details information (new for McAfee Vulnerability Manager
7.5), and the Vulnerability by IP port information in reports.

Microsoft Windows Server 2003 upgrade support


If you are upgrading the operating system on a server that previously ran McAfee Vulnerability
Manager components other than the scan controller and scan engine, you must uninstall the previous
version before you can install McAfee Vulnerability Manager 7.5. You must install the other
components on a server running Microsoft Windows Server 2008 R2.
Note: Back up your database before you uninstall it.
If you are upgrading on a server that only ran the scan controller and scan engine, your McAfee
Vulnerability Manager information is retained and used for the upgrade. During the upgrade, some
McAfee Vulnerability Manager services must be stopped before the upgrade process can begin.

Upgrading appliances
If you have a McAfee Vulnerability Manager appliance with a previous version of the product, you can
upgrade your appliance to McAfee Vulnerability Manager 7.5.
The upgrade guidelines work with the MVM 2100 (scan controller and scan engine only), MVM 3000,
and MVM 3100.

McAfee Vulnerability Manager 7.5 Installation Guide

75

Troubleshooting and Tips


Application Layer Gateway Message

Troubleshooting and Tips


This section includes some additional procedures and suggestions that can help you install McAfee
Vulnerability Manager 7.5.

Finding the NetBIOS name


Use the hostname command to identify a system by its host name and domain name.
1

Select Start | Run.

Type CMD, then click OK.

Type host name and press Enter. The name of the host appears.

Creating strong passwords


Although many tools exist to guess or brute-force passwords, creating a good password still adds an
additional layer of security that helps deter potential attackers. Use each of the following elements in
your password to create a strong password:

Use
Use
Use
Use
Use

8 or more characters
lower-case characters (a-z)
upper-case characters (A-Z)
numeral characters (0-9)
non-alpha-numeric characters (`~!@#$%^&*()-_=+)

Note: McAfee Vulnerability Manager 7.5 requires passwords that are at least 8 characters long, has
at least three of the four remaining requirements (lower-case, upper-case, numeral, and non-alphanumeric), and does not contain the user name.

Application Layer Gateway Message


The install program might display the following message regarding the Application Layer Gateway:
The "Application Layer Gateway Service" is currently running on this system. There are known
issues with this service adversely affecting scan results. As such, it is highly recommended that
you stop this service prior to scanning.
This message appears under the following conditions:

All service pack requirements are met for Microsoft Windows XP or Microsoft Windows 2003
The update labeled "MS05-019" is not applied
The Application Layer Gateway Service is running

McAfee Vulnerability Manager 7.5 Installation Guide

76

Troubleshooting and Tips


SQL settings

Stopping the Application Layer Gateway


1

Click Start | Administrative Tools | Services.

Click Application Layer Gateway Service.

Click Stop.

Performance issues when running a large number of


reports
If you plan on running a large number of reports, McAfee recommends installing the report engine on
a separate system from the database. Both the report engine and database can consume a lot of
resources, potentially causes a system to slow down. You can separate these components by doing a
custom installation for the report engine and doing a custom installation for the database on a
different system. See Custom Install (see "Installing using the custom installation type" on page 39).

SQL settings
This section provides some procedures for setting up your SQL server after you have installed the
database.

Changing the database authentication settings


During the installation process, the McAfee Vulnerability Manager install program sets the
Authentication to SQL Server and Windows. This mode is required to create a new database or to
upgrade the existing database.
If your network database policy requires a different setting, it is okay to change them until you need
to update your database again.
You can either change the authentication settings by editing the Windows Registry or through the SQL
Server Management Studio.

Changing SQL authentication using the Windows registry


1

Open the Windows Registry editor.

Find the following key:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\loginmode

Change the value to 2.

Changing SQL authentication using SQL Server Management Studio


1

Open the SQL Server Management Studio.


To do this, select Start | Programs | Microsoft SQL Server | SQL Server Management
Studio.
Note: You might be required to connect to the server. Type the appropriate information and click
Connect.

McAfee Vulnerability Manager 7.5 Installation Guide

77

Troubleshooting and Tips


SQL settings

In the Object Explorer, expand the server list until you get to the server you are configuring.

Right-click the server, and select Properties.

Click the Security page.

Change the Authentication setting as desired.

Figure 19: SQL Authentication


6

Click OK and exit the program.

Optimize dynamic memory settings


McAfee Vulnerability Manager recommends that you use dynamic memory allocation for SQL Servers
and cap it at 40% of the total system memory.

Setting the SQL dynamic memory


1

Select Start | Programs | Microsoft SQL Server 2005 | SQL Server Management Studio.

Log on to SQL Server Management Studio.

In the Object Explorer, expand the server list until you get to the server you are configuring.

Right-click the server, and select Properties.

Click the Memory page.

Set the Index Creation Memory to 40% of the total system memory.
For example, set the Index Creation Memory to 400 MB if the system has 1 GB of memory and
to 800 MB if the systems has 2 GB memory.

Click OK.

Setting the SA password in SQL


McAfee Vulnerability Manager 7.5 requires the SQL SA Password so that it can create or upgrade the
database (named Faultline). The SA password is not revealed in the McAfee Vulnerability Manager 7.5

McAfee Vulnerability Manager 7.5 Installation Guide

78

Troubleshooting and Tips


SQL settings

product. However, if you want to set a temporary password before installation, or change the SA
password after the installation, follow these steps to make the change.

Changing the SQL database SA password


1

Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.

Log on to SQL Server Management Studio.

Expand the Security folder and click Logins.

Double-click sa.

Figure 20: SQL Server Management Studio


5

Under SQL Server Authentication (non-selectable), type the new sa password.

Changing the TCP/IP protocol


During installation, McAfee Vulnerability Manager creates a database connection alias with the
database server information and TCP/IP protocol. If you change or disable the TCP/IP protocol,
McAfee Vulnerability Manager might not function properly. To modify the alias, you can use the SQL
Server Client Network Utility or change the alias value in the registry.

Using the SQL server client network utility


1

Select Start | Run.

Type cliconfg and press Enter. The SQL Server Client Network Utility appears.

Click the Alias tab, edit the Server alias, then click OK.

McAfee Vulnerability Manager 7.5 Installation Guide

79

Troubleshooting and Tips


Optional enterprise manager settings

Optional enterprise manager settings


After having installed McAfee Vulnerability Manager 7.5, there are several steps you can take to
customize the way that McAfee Vulnerability Manager 7.5 is used in your company. This includes
setting up logon messages (post messages to all users on the logon page (see "Setting up a logon
message" on page 81)).

Using McAfee VirusScan Enterprise 8.0i and later


If you are running McAfee VirusScan Enterprise (VSE) 8.0i or later, you must exclude the McAfee
Vulnerability Manager executables from the Port Blocking rules in VSE. The Port Blocking rule is
intended to stop mass mailings that target SMTP port 25. Certain scanning techniques employed by
McAfee Vulnerability Manager are considered to be malicious activities by VSE. This results in
inaccurate vulnerabilities reported when scanning.

To exclude FSScanCtrl.exe in the port blocking rule


1

Open the Virus Scan Enterprise Console by right-clicking the icon in the Windows taskbar.

Right-click Access Protection and select Properties from the shortcut menu.

Select the Antivirus Standard Protection category.

Select the rule to Prevent mass mailing worms from sending mail and click Edit.

Add FSScanCtrl.exe to the Excluded Process list.

Click OK, then click Apply.

Select the rule to Prevent IRC Communication and click Edit.

Add FSScanCtrl.exe to the Excluded Process list.

Close the VSE 8.0i console.

Note: If VSE is installed on the mail server, repeat these steps on the mail server.
McAfee suggests that you add all of the applications and processes of McAfee Vulnerability Manager to
this exclusion list in VSE in order to avoid conflicts between VSE and McAfee Vulnerability Manager.
Repeat the above steps to exclude the following:

FSScanCtrl.exe (excluded in the steps above)

FSUpdate.exe

FSNotifications.exe

LCDServices.exe

RegFS.exe

FCAgent.exe

FCServer.exe

FSAPI.exe

FSAssessment.exe

FSDiscovery.exe

FSLogToDiskSvc.exe

ReportServer.exe

McAfee Vulnerability Manager 7.5 Installation Guide

80

Troubleshooting and Tips


Optional enterprise manager settings

Setting up a logon message


If you have access to the enterprise manager server, you can add a message that appears on the
enterprise manager logon page for all users. To add this message, you must have created text files
with specific names and copied the files to the enterprise manager home directory.

Adding a logon message

Create a text file named mod.txt, and place it in the enterprise manager home directory.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\portal.

Removing the logon message

If the mod.txt file is not found or does not contain any data, the message of the day does not
appear. Remove this file from the enterprise manager home directory.

Creating a logon message file

Using a text editing program like Notepad, type the message you want to display. You can
embellish the message with some HTML tags, but they are not required.

Available HTML tags


You can use the following HTML tags to customize these messages:
<a><br><b><h1><h2><h3><h4><i>
<img><li><ol><p><strong><table>
<tr><td><th><u><ul>

Adding a blank line in the mod.txt file automatically adds the appropriate .html code to create a new
line.

Message titles
Use the tags <mod_title> and </mod_title> to change the title of the message. If no title has been
entered, the title displays "Message of the Day".

SAMPLE mod.txt FILE


The following is an example of possible content for the Message of the Day file.

McAfee Vulnerability Manager 7.5 Installation Guide

81

Troubleshooting and Tips


Optional enterprise manager settings
<mod_title>Security Notice</mod_title>
The following network segments <i>should not be scanned</i> until further notice.
<ul> <li>10.0.50.1 - 10.0.50.254</li>
<li>10.72.221.1 - 10.72.223.254</li> </ul>
Contact Sue at extension 630 if you have any questions.

It results in the following message:

Figure 21: Logon Page - Message of the Day

Allowing root organization administrators to switch to global


administrator
McAfee Vulnerability Manager 7.5 can allow root organization administrators to switch between Root
Organization Administrator and Global Administrator in the enterprise manager. This can be useful in
organizations that use single sign-on since a separate sign-on account is not required.
Warning: If this feature is enabled, all root organization administrators have access to the Global
Administrator and can make changes to the enterprise manager. It is possible for one root
organization administrator to undo the settings established by another. This feature might not be ideal
for environments with multiple root organization administrators.

Allowing root organization administrators to switch to global administrator


1

Open the config.ini file on the system running the enterprise manager. The default location for
Microsoft Windows 2008 R2 is c:\Program Files (x86)\Foundstone\portal\include.

Set allow_ga_switch to true.

Save and close the config.ini file.

Using the global administrator switch


1

Log on to the enterprise manager as a Root Organization Administrator.

Click the Global Admin link. The Global Administrator user-interface appears.
Note: Only one active session is allowed. Using Open in New Tab on the Global Admin link
terminates the organization administrator session. Using Open in New Tab also terminates the
session if the Org Admin link is clicked in the global administrator session.

McAfee Vulnerability Manager 7.5 Installation Guide

82

Troubleshooting and Tips


Optional enterprise manager settings

Click the Org Admin link to switch back to the Root Organization Administrator user-interface.

Note: If you log on using the Global Administrator credentials, you don't see the ORG ADMIN link in
the user-interface. The switch only functions when you log on as a Root Organization Administrator.

Setting up the CONFIG.INI and PHP.INI files


This section provides information on the settings found in the CONFIG.INI and PHP.INI files, located
on the enterprise manager server. Use caution when changing the settings in these files. The wrong
settings can prevent McAfee Vulnerability Manager 7.5 from functioning properly.

CONFIG.INI
The config.ini file contains basic configuration settings for McAfee Vulnerability Manager 7.5.
The default location for Microsoft Windows 2003 is c:\Program
Files\Foundstone\Portal\include\config.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\Portal\include\config.ini.

PHP.INI
PHP is a scripting language used by enterprise manager. The php.ini file contains PHP settings in
enterprise manager. This file contains many sections and settings, though this document addresses
only those settings that McAfee recommends for customers to change if necessary.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\PHP\php.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\PHP\php.ini.

Opening the CONFIG.INI file


The CONFIG.INI file is located on the web server that hosts the enterprise manager.
1

On the enterprise manager server, navigate to \Portal\include\config.ini. It is located under


the folder where you installed McAfee Vulnerability Manager 7.5.
The default location for Microsoft Windows 2003 is c:\Program
Files\Foundstone\Portal\include\config.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\Portal\include\config.ini.

Double-click the file to open it.

Edit the file using NOTEPAD.EXE or another text editor.

Opening the PHP.INI file


The PHP.INI file is located on the web server that hosts the enterprise manager.
1

On the enterprise manager server, navigate to \PHP\Config.ini. It is located under the folder
where you installed McAfee Vulnerability Manager 7.5.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\PHP\php.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\PHP\php.ini.
McAfee Vulnerability Manager 7.5 Installation Guide

83

Troubleshooting and Tips


Optional enterprise manager settings

Double-click the file to open it.

Edit the file using NOTEPAD.EXE or another text editor.

Common Tasks
The following list shows the most common tasks that can be performed by changing the CONFIG.INI
and PHP.INI settings.

Disabling the option to verify a vulnerability ticket

In the CONFIG.INI file, change the value disable_verify under the Remediation section to 1
and save the file.

To verify the setting, log onto the enterprise manager. Navigate to Remediation | New Tickets. The
Verify button should not be available when this value is set to 1.

Disabling the Quick Scan feature in the enterprise manager

In the CONFIG.INI file, search for the following string and remove the ; at the beginning of the
line:
;disable_quickscan=1

To verify the setting, log onto the enterprise manager. The Quick Scan feature is disabled when this
value is set to 1.

Disabling the Customer Feedback Link in the enterprise manager

In the CONFIG.INI file, change the value submit_feedback under the [Optional] section to 0
and save the file.

To verify the setting, log onto the enterprise manager. The customer feedback link at the bottom of
the page should not appear, or is otherwise disabled.

Config.ini
The config.ini file contains basic configuration settings for McAfee Vulnerability Manager 7.5.
The default location for Microsoft Windows 2003 is c:\Program
Files\Foundstone\Portal\include\config.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\Portal\include\config.ini.
Sections in this configuration file include:

first run flag (page 85)


[server] (page 85)
[API Server] (page 86)
[session] (page 88)
[report server] (page 88)
[optional] (page 89)
[look_and_feel] (page 90)
[ipranges] (page 91)
[mvas] (page 91)
McAfee Vulnerability Manager 7.5 Installation Guide

84

Troubleshooting and Tips


Optional enterprise manager settings

[debug] (page 91)


[fcgi] (page 91)
[reports] (page 92)
[l18n] (page 92)
[threats] (page 92)
[RADIUS_server_options] (page 94)
[single signon]
[java] (page 94)
[fs-850 options]
[remediation] (page 95)

first run flag


Entry

Default

first_run

1 until you log onto


the enterprise
manager
0 after a successful
logon to the
enterprise
manager

Description
The first time you log onto the
enterprise manager, if this
value is set to 1, the
server_name value is sent to
the engine as the "default"
portal server.

[server]
Entry

Default

Description

server_url

Base URL used to access the


enterprise manager.

server_root

Windows 2003
C:\Program
Files\Foundstone\Po
rtal\

Install path for the enterprise


manager.

Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Po
rtal\
server_cache

Windows 2003
C:\Program
Files\Foundstone\Te
mp\

Path for temporary files.

Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Te
mp\

McAfee Vulnerability Manager 7.5 Installation Guide

85

Troubleshooting and Tips


Optional enterprise manager settings

Entry

Default

Description

reports_dir

Windows 2003
C:\Program
Files\Foundstone\Re
ports\

The report engine uploads


scan reports to this directory.

Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Re
ports\
custom_reports_dir

Windows 2003
C:\Program
Files\Foundstone\Re
ports_Custom\

The report engine uploads


custom reports to this
directory.

Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Re
ports_Custom\
font_dir

C:\Windows\Fonts

Path for Windows fonts.

server_name

COMPUTERNAME

Name of this server. This


should be the name used to
access the system, such as
the DNS or NetBIOS name of
the system.

server_protocol

http or https

Protocol used to access the


enterprise manager.
Either http or https.

Depends on install
options.
server_cert_dir

%installdirectory%\
Foundstone\Configur
ation

portal_id

Directory containing the SSL


certificates.
Internal system identification;
do not change this setting.

[API Server]
Entry

Default

Description

API_primary

Server that hosts the API


server (including the port to
access the API server).

API_secure

"1" indicates that a SSL


connection should be made to
the API server.

API_proxy_host

Proxy information if a proxy is


required for connecting to the
API server.

API_proxy_port

McAfee Vulnerability Manager 7.5 Installation Guide

86

Troubleshooting and Tips


Optional enterprise manager settings

Entry

Default

Description

API_connection_
timeout

The number of seconds to


wait for a connection to the
API server.

API_response_time
out

180

The number of seconds to


wait for a response to a query
from the API server.

API_authenticate

"1" indicates the use of


certificates to authenticate a
connection to the API server.

API_authenticate_
cn

Indicates whether or not to


verify against the CN value of
a certificate.

API_reconnect_
interval

180

No value - Turns off CN


verification.
hostname - The web
portal gets the host name
of the server and verifies
it against the CN value.
Any other value is verified
against the CN value.

The number of seconds


required before a
reconnection to the API
server can be made.

API_stream_select_ 3
timeout

The number of seconds PHP


waits for the stream
notification events before
quitting and trying again.

api_authenticate_ca Windows 2003

Path for the Certificate


Authority file.

C:\Program
Files\Foundstone\Co
nfiguration\CustomT
rustedCA.pem
Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Co
nfiguration\CustomT
rustedCA.pem

McAfee Vulnerability Manager 7.5 Installation Guide

87

Troubleshooting and Tips


Optional enterprise manager settings

Entry

Default

Description

api_authenticate_
client

Windows 2003

Path for the certificate file the


API server uses to
communicate with the
enterprise manager.

C:\Program
Files\Foundstone\Co
nfiguration\CustomP
ortal.pem
Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Co
nfiguration\CustomP
ortal.pem

[session]
Entry

Default

Description

session_validate_ip

true

Validates that the


current web browser IP
address is the same as it
was when authenticated
at logon time.
Either true or false.

session_validate_browser

Validates that the


current browser session
is the same as it was
when authenticated at
logon time.
Either true or false.
Not implemented by
default.

[report_server]
Entry

Default

Description

report_server

[hostname of
report engine
server]:port

Type the host name or IP


address, colon (:), port
number for the report
engine server.
Example:
MYHOST.XYZ.COM:3802

report_server_secure

Type 1 to use SSL,


otherwise type 0.

report_push_check

Only allows file transfers


from the report_server
and API_primary
addresses.

McAfee Vulnerability Manager 7.5 Installation Guide

88

Troubleshooting and Tips


Optional enterprise manager settings

[optional]
Entry

Default

Description

enable_dashboard_
configuration_applet

true

Not used.

enable_organization_
applet

false

Not used.

alerts_max

100

Maximum number of alerts to


display at one time.

scan_pulldown_alpha

false

How to sort pull-down scan list.


true = sort alphabetically by
scan name
false = sort in reverse
chronological order by scan
date

short_chars

30

Number of characters before


the scan name is truncated in
the Dashboard and menus.

string_chunk_len

100

When FSL scripts retrieve


information from a host, this
number determines how many
characters long each line should
be before being truncated.

string_chunk_delimiter

" "

Type the character (or space) to


be used to break the
information from the host into
individual lines.

scan_config_dropdown

30

Determines the number of


scans to be displayed on the
Scan drop-down box on the
Home page.

tree_expansion_default

On pages other than the


Organization Management or
asset management (containing
Java interfaces), this number
determines how many levels of
the organization tree are
shown.
There is no default value
assigned as of McAfee
Vulnerability Manager 7.5. A
value of 3 indicates that an
organization tree shows the
root level, 1st child level, and
2nd child level of workgroups.

McAfee Vulnerability Manager 7.5 Installation Guide

89

Troubleshooting and Tips


Optional enterprise manager settings

Entry

Default

Description

disable_quickscan

Disables the Quick Scan feature


from the enterprise manager.
This is disabled by default.

submit_feedback

Displays the Product Updates,


Release News, and Feedback
link in the enterprise manager.

auto_refresh_rate

10

The number of seconds before


the web page is automatically
refreshed.
To disable, set the value to 0.

[look_and_feel]
Entry

Default

Description

color_buttonf

;000000

Enterprise manager color


scheme setting.

color_buttonb

;333399

Enterprise manager color


scheme setting.

color_headerf

;FFFFFF

Enterprise manager color


scheme setting.

color_headerb

;333399

Enterprise manager color


scheme setting.

color_grey1

;e3e3e3

Enterprise manager color


scheme setting.

color_grey2

;cccccc

Enterprise manager color


scheme setting.

color_grey3

;3581cd

Enterprise manager color


scheme setting.

font

verdana

Enterprise manager typeface


setting.

font_size

Enterprise manager font size


setting.

McAfee Vulnerability Manager 7.5 Installation Guide

90

Troubleshooting and Tips


Optional enterprise manager settings

[ipranges]
Entry

Default

Description

enable_ipranges

true

Enable the entry of IP ranges


through the enterprise
manager. When set to False, IP
ranges can only be entered
through the API server.

max_ipranges

8000

Maximum number of IP ranges


to import from a text file before
truncating.

Entry

Default

Description

enable_mvas_options

false

Managed Service use only.


Either true or false.

threats

false

Managed Service use only.


Either true or false.

[mvas]

[debug]
Entry

Default

Description

debug

Enterprise manager debug mode.


on=1 and off=0

debug_soap

Enterprise manager debug mode:


include soap events in the output.
on=1 and off=0

debug_report_server 0

Enterprise manager debug mode:


used to test report uploads.
on=1 and off=0

debug_msi_server

Create log files when language packs


are pushed on the server that
executes them.
Enable log=1; Disable log =0

[fcgi]
This section is used for debugging the FastCGI components in McAfee Vulnerability Manager 7.5. It
might be used in a support call situation when additional logging needs to be turned on to help
identify a problem.

McAfee Vulnerability Manager 7.5 Installation Guide

91

Troubleshooting and Tips


Optional enterprise manager settings

[reports]
Entry

Default

Description

report_server_timeout

1200

Number of seconds to wait


between attempts to upload
reports to the server.

[il8n]
Entry

Default

Description

il8n_language

Determines which language to


display in the product.
cs = Chinese Simplified
ct = Chinese Traditional
de = German
en = English
es = Spanish
fr = French
ja = Japanese
kr = Korean

il8n_bullet

Determines the default bullet


character used throughout the
enterprise manager.

[threats]
Entry

Default

Description

max_threats

Determines the number of


threats that can be
viewed at one time on the
Threat Correlation page.
McAfee Vulnerability
Manager 7.5 supports
showing up to 19 threats
at a time.

max_intervals

Determines the number of


business units that can be
viewed at one time on the
Threats by Business Unit
page.

McAfee Vulnerability Manager 7.5 Installation Guide

92

Troubleshooting and Tips


Optional enterprise manager settings

Entry

Default

Description

tcv_enable_default_bu

0 disables this feature. If


there is a default business
unit, it comes from the
administrator.
1 enables users to see a
default business unit
containing all scans that
the user can access.

tcv_select_default _bu

0 disables this feature. If


there is a default business
unit available, it is not
automatically selected
when opening the Threat
Correlation page.
1 enables this feature.
The default business unit
is selected by default
when you view the Threat
Correlation page. The
default business unit
contains data for all scans
and workgroups that the
user can access.

tcv_central_admin_default_bu

0 disables this feature. A


default business unit
containing all workgroups
is not created for the Root
Organization
Administrator.
1 enables this feature. A
default business unit
containing the
organization and all
workgroups is created for
the Root Organization
Administrator.
Note: Since the default
business unit contains
data for all organizations
and workgroups, the
Threat Correlation page
can take a long time to
load all of the data.

McAfee Vulnerability Manager 7.5 Installation Guide

93

Troubleshooting and Tips


Optional enterprise manager settings

[RADIUS_server_options]
Entry

Default

use_radius_auth

Description
Set to "1" to turn on RADIUS
authentication.
This is disabled by default.

radius_primary_
address

IP address for the IAS server


or TekRADIUS server.

radius_primary_
secret

Type the secret used during


IAS or TekRADIUS set up.

radius_primary_port

The authentication port used.

radius_type_options

The type of protocol used.


Examples: PAP, CHPA_MD5,
and MSCHAPv2.

[java]
Entry

Default

Description

java_use_dynamic_jre_
versioning

false

Enables you to use the Sun


Java Runtime Engine version
1.4 or later for computers on
which the enterprise manager
is running. To use a different
version, change this entry to
true. The version of the JRE is
then managed by Sun via their
web server.
Changing this setting to true
allows you to use a version of
the JRE on which you have
standardized that might differ
from the current version
(1.6.0_07).
Note: Version 1.6.0_07 or later
of the JRE is required. Earlier
versions might appear to be
accepted, but they are
unsupported and the enterprise
manager might not display
properly.

McAfee Vulnerability Manager 7.5 Installation Guide

94

Troubleshooting and Tips


Optional enterprise manager settings

[remediation]
Entry

Default

Description

disable_verify

Specifies whether you want to


disable verification of tickets:
0 = do not disable verification
1 = disable verification

Compress a single PDF report


Entry

Default

Description

zip_single_pdf

By default,
this entry is
not in the
config.ini file.

Specifies whether a single PDF


report is delivered uncompressed
(default) or compressed.

true = compress single PDF


reports
false = do not compress single
PDF reports

Php.ini
PHP is a scripting language used by enterprise manager. The php.ini file contains PHP settings in
enterprise manager. This file contains many sections and settings, though this document addresses
only those settings that McAfee recommends for customers to change if necessary.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\PHP\php.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\PHP\php.ini.
Caution: The majority of the settings in this file should not be modified for use with McAfee
Vulnerability Manager 7.5.

PHP Settings
Entry

Default

Description

max_execution_time

300

Maximum execution time of each


script, in seconds. This determines
how long to continue running a script
on a particular host before moving
onto the next.

max_input_time

600

Maximum amount of time each script


can spend parsing request data, in
seconds. This can be adjusted to
allow for larger file uploads that
time-out prematurely.

McAfee Vulnerability Manager 7.5 Installation Guide

95

Troubleshooting and Tips


Disabling SSL

memory_limit

32M

Maximum amount of memory, in


megabytes, that a script can
consume.

display_errors

Off

on Displays error messages to web


users. Use this setting only for
diagnostic purposes.
Caution: When this setting is On,
users might be able to view security
information, such as file paths and
database schema.
off Hides error messages.

post_max_size = 200M

200M
(200 MB)

Maximum size of POST data


supported by PHP.

upload_max_filesize =
200M

200M
(200 MB)

The maximum size of files that can


be uploaded to the enterprise
manager

Disabling SSL
Secure communication between the enterprise manager and the API server are set by default when
McAfee Vulnerability Manager is installed. If you are required to disable SSL, you must do the
following:
1

Turn off SSL in the configuration manager.


a Open the configuration manager and select Tools | Preferences | API Server.
b On the API Server tab, deselect both Use SSL options (under Incoming Connection and
Enterprise Manager).
c Click OK. The settings are not applied until the API server is restarted.
Restart the API server.
a In the left pane of the configuration manager, expand Foundstone Systems, then expand system that
hosts the API server.
b Select API server. Click Stop to stop the server.
c Once the server has stopped, click Start to start the server.
Modify the config.ini file on the enterprise manager.
a On the server running the enterprise manager, open the config.ini file.
The default location for Microsoft Windows 2003 is c:\Program
Files\Foundstone\Portal\include.

The default location for Microsoft Windows 2008 R2 is c:\Program Files


(x86)\Foundstone\Portal\include.
Set the following parameters:
server_protocol =http
API_secure =0
report_server_secure =0

Turn off SSL in the enterprise manager.


On the server running the enterprise manager, select Start | All Programs | Administrative
Tools | Internet Information Services (IIS) Manager.
In the left pane, expand the enterprise manager and select Web Sites (Windows 2003) or Sites
(Windows 2008 R2).
McAfee Vulnerability Manager 7.5 Installation Guide

96

Troubleshooting and Tips


Disabling SSL

For Microsoft Windows 2003:

In the right pane, right-click the website and select Properties.

Select Directory Security, then click Edit under Secure communications.

Deselect Require secure channel (SSL).

Click OK. Close the Properties dialog box.


For Microsoft Windows 2008 R2:

In the right pane, double-click the website.

Double-click SSL Settings.

Deselect Require SSL.

Click OK.
Restart the IIS server. Right-click the local computer, select All Tasks, then select Restart IIS.
Select Restart IIS, then click OK.
After IIS restarts, close the IIS manager window.

Turning off SSL in configuration manager


1

Open the configuration manager and select Tools | Preferences | API Server.

On the API Server tab, deselect both Use SSL options (under Incoming Connection and
Enterprise Manager).

Click OK.
The settings are not applied until the API server is restarted.

Restarting the API server


1

In the left pane of the configuration manager, expand Foundstone Systems, then expand
system that hosts the API server.

Select API server. Click Stop to stop the server.

Once the server has stopped, click Start to start the server.

Modifying the CONFIG.INI file on the enterprise manager


1

On the server running the enterprise manager, open the config.ini file.
The default location for Microsoft Windows 2003 is c:\Program
Files\Foundstone\Portal\include.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\Portal\include.

Set the following parameters:

server_protocol =http

API_secure =0

report_server_secure =0

McAfee Vulnerability Manager 7.5 Installation Guide

97

Troubleshooting and Tips


Why does my Foundstone Configuration Agent system tray icon have an exclamation mark

Turning off SSL on the enterprise manager


Microsoft Windows 2003
1

On the server running the enterprise manager, select Start | All Programs | Administrative
Tools | Internet Information Services (IIS) Manager.

In the left pane, expand the enterprise manager and select Web Sites.

In the right pane, right-click the website and select Properties.

Select Directory Security, then click Edit under Secure communications.

Deselect Require secure channel (SSL).

Click OK. Close the Properties dialog box.

Restart the IIS server. Right-click the local computer, select All Tasks, then select Restart IIS.
Select Restart IIS, then click OK.

After IIS restarts, close the IIS manager window.

Microsoft Windows 2008 R2


1

On the server running the enterprise manager, select Start | All Programs | Administrative
Tools | Internet Information Services (IIS) Manager.

In the left pane, expand the enterprise manager and select Sites.

In the right pane, double-click the website.

Under IIS, double-click SSL.

Deselect Require SSL.

Click Apply.

In the left pane, right-click the local computer and click Stop.

Right-click the local computer and click Start.

Close the IIS manager window.

Why does my Foundstone Configuration Agent system tray


icon have an exclamation mark
An exclamation mark appears on a system tray icon when something is not functioning properly. A
common solution is to make sure the user logging into the server has administrator rights.
The Foundstone configuration agent must be able to query service status and start or stop services.
Since the agent is a desktop application, it runs under the permissions of the logged in user. If the
user does not have administrator rights, the configuration agent tool might not function properly.

McAfee Vulnerability Manager 7.5 Installation Guide

98

Troubleshooting and Tips


Installation error when FIPS is enabled

Installation error when FIPS is enabled


If you try installing McAfee Vulnerability Manager 7.5 on a system that has the Federal Information
Processing Standard (FIPS) security setting enabled, the installation fails.
To resolve this issue, disable the FIPS security setting, install the product, and then re-enable the
FIPS security setting (if necessary).
1

Open the Local Security Policy, under Administrative Tools.

Select Start | Control Panel | Administrative Tools, then select Local Security Policy.

In the left pane, expand Local Policies, then select Security Options.

In the right pane, double-click System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing.

In the dialog box, select Disabled, select Apply, then click OK.

Close the Local Security Settings window.

McAfee Vulnerability Manager 7.5 Installation Guide

99

Appendix
Microsoft SQL Server 2005 Express Settings

Appendix
Microsoft SQL Server 2005 Express Settings
Installation: McAfee recommends that you install Microsoft SQL Server 2005 Express on a Microsoft
Windows 2003 system.
Note: If you are installing SQL Server 2005 Express on a virtual system, the virtual system must be
on an IDE disk drive. See the VMware website or documentation for further information.
Suggested Usage: Only for class C networks.

Microsoft SQL Server 2005 Express installation settings


The following table shows the recommended settings for each step of the installation. These settings
are based on a typical Microsoft SQL Server 2005 Express installation.
Use the following settings when setting up Microsoft SQL Server Express.

SQL Server Express installation suggested settings


Installation Page

Setting

Registration
Information

Make sure Hide advanced configuration options


is not selected.

Feature Selections

Accept the defaults.

Instance Name

Select Default instance.


Note: It is possible to give the instance a name. You
must type this instance name when installing other
McAfee Vulnerability Manager components. See
Changing the SQL instance name (page 47).

Service Account

Select Use the built-in System account, then


select Local system from the list.
Select SQL Server under Start services at the
end of setup.
Note: If you are using a Named Instance, select SQL
Browser under Start services at the end of
setup.

McAfee Vulnerability Manager 7.5 Installation Guide

100

Appendix
Microsoft SQL Server 2005 Express Settings

Authentication Mode

Select Mixed mode. This mode is required to create


or upgrade the database. See Changing the Database
Authentication Settings (on page 77) for information on
how to change this setting later.
Create a password for the SA account. The
maximum password length is 128 characters.
Important: Remember this password. You need it when
you install the McAfee Vulnerability Manager
Configuration Manager, scan controller, API server,
notification service, data synchronization service, and
report engine.

Collation Settings

Accept the defaults.

User Instances

Accept the defaults.

Error and Usage


Report Settings

Accept the defaults.

After the installation has completed, McAfee recommends that you restart the computer to begin
using Microsoft SQL Server Express. Then, make sure you have the latest Microsoft SQL Server
Express Service Pack.

Enabling TCP/IP
By default, TCP/IP is disabled in Microsoft SQL Server 2005 Express. TCP/IP must be enabled for
McAfee Vulnerability Manager to function properly.
1

Open the SQL Server 2005 Surface Area Configuration wizard


Select Start | All Programs | Microsoft SQL Server 2005 | Configuration Tools | SQL
Server 2005 Surface Area Configuration.

Select Surface Area Configuration for Services and Connections.

Select Remote Connections under Database Engine.

Select Local and remote connections and select a TCP/IP option.

Click OK.

Restart the Database Engine service for the change to take effect.

Internet access
If a system is blocked from accessing the internet, the time service might no longer synchronize and
cannot provide the time to other clients or upgrade the system clock. This might cause McAfee
Vulnerability Manager services to not respond within an expected amount of time, causing a failure to
start. To resolve this, either let the system access the internet or add the ServicesPipeTimeout registry
entry.

ServicePipeTimeout registry entry


1

Select Start | Run.

Type regedit and click OK.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\.

If ServicePipeTimeout does not exist, create a DWORD data type and label it
ServicePipeTimeout.

Assign a value larger than 30000 (milliseconds).


For example: 90000 (milliseconds).
McAfee Vulnerability Manager 7.5 Installation Guide

101

Appendix
Move the database

Microsoft SQL Server 2008 R2 Express settings


Installation: McAfee recommends that you accept the default settings during installation. You might
need to run the SQL Browser.
Suggested Usage: Only for class C networks.
Note: McAfee Vulnerability Manager does not support the use of Microsoft SQL Server 2008 Express.

Disabling Admin Approval Mode (Windows 2008 R2)


Microsoft Windows 2008 R2 has Admin Approval Mode enabled by default. With Admin Approval Mode
enabled, only the root administrator can successfully install McAfee Vulnerability Manager. All other
administrators might run into errors when trying to run or manage McAfee Vulnerability Manager.
1

Log on to the server as an administrator.

Select Start | Run.

Type secpol.msc and click OK.


The Local Security Policy window appears.

From the tree (left pane), double-click Local Policies.

Double-click Security Options.

Scroll down and double-click User Account Control: Run all administrators in Admin
Approval Mode.

Select Disable, then click OK.

Close the Local Security Policy window.

Restart the server for the policy change to take effect.

Move the database


If you have moved your database, there are some additional steps that must be done for McAfee
Vulnerability Manager to function properly. This also applies to moving your database during an
upgrade.
1

On the system that ran the database:

Stop the SQL service. You can also set the SQL service to Manual to free up some resources
on this server, but this is optional.

Delete or rename the database.ccf file. Default location: C:\Program


Files\Foundstone\Configuration.

Remove the database service dependencies for other McAfee Vulnerability Manager
components running on the server. See the McAfee KnowledgeBase article KB60408 for
detailed information.

After installing the database on the new server, open configuration manager and update the
database information.
In configuration manager, select Tools, then select Preferences. Select the Database tab and
update the database information.

McAfee Vulnerability Manager 7.5 Installation Guide

102

Appendix
Using the United States Federal Information Processing Standard

Run McAfee Vulnerability Manager Update to ensure that McAfee Vulnerability Manager content
has the latest information.

Move the enterprise manager


If you change the server the enterprise manager is running on, your existing report links no longer
appear because the reports are stored on the enterprise manager server. After you move the
enterprise manager, you should regenerate your reports to see them in the new portal.

Changing the Foundstone Configuration Agent Settings


All McAfee Vulnerability Manager components have a Foundstone Configuration Agent installed. The
communication between each FCM Agent and the FCM Server is Port: 3801, (SSL over) TCP/IP. Some
configuration agent settings can be changed using the Foundstone Configuration Agent Settings dialog
box.

Using the United States Federal Information Processing


Standard
The United States Federal Information Processing Standard (FIPS) is a security requirement for
computers used by the United States federal government. The FIPS 140-2 standard defines
cryptographic algorithms and requirements for generating keys. McAfee Vulnerability Manager
supports the use of the FIPS 140-2 standard.

Configuring IIS and SQL to be FIPS compliant


For further information, see the Microsoft KB article about FIPS 140-2 compliant mode.
Note: FIPS 140-2 requires Microsoft SQL 2005 SP1 or a later version of SQL server on a Windows
2003 based server.
1

Open the Local Security Policy, under Administrative Tools.

Select Start | Control Panel | Administrative Tools, then select Local Security Policy.

In the left pane, expand Local Policies, then select Security Options.

In the right pane, double-click System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing.

In the dialog box, select Enabled, select Apply, then click OK.

Close the Local Security Settings window.

When the server operating system is configured for FIPS 140 compliant mode, McAfee Vulnerability
Manager users cannot access the enterprise manager if TLS 1.0 is not enabled in their web browser.
See the Enable TLS 1.0 on the client system procedure below for setting up client browsers.

Enabling TLS 1.0 on the client system


For further information, see the Microsoft KB article about FIPS security settings in Windows XP and
later versions.

McAfee Vulnerability Manager 7.5 Installation Guide

103

Appendix
Using the United States Federal Information Processing Standard

In Internet Explorer, select Tools, then select Internet Options.

Select the Advanced tab and navigate to Security.

Make sure the following checkboxes are selected:

Use SSL 2.0

Use SSL 3.0

Use TLS 1.0

Select Apply, then click OK.

McAfee Vulnerability Manager 7.5 Installation Guide

104