McAfee Training

Information Security Architect Alan J. White, CISSP, CEH, GCIA

February 23, 2014

Agenda
- Product Overview
- Virus Scan Reports (Emailed or saved as PDF)
- System Compliance Profiler
- Rogue System Detection

News
- Recent spyware incident
- News: McAfee flaw should have a patch very soon.
- Virex does support Mac OS X, despite Apple no longer supporting the product; however, a patch is needed for 7.7 to resolve an updating issue.

Best Higher Education Virus Website

Support
- URI has a site license for several McAfee products, for both office and home use, but not for any commercial use.
- Must be used in accordance with the McAfee terms of agreement:
http://www.uri.edu/virus/license.php

Support
Method of support and contacts:
- Primary: Alan White, alanwhite@uri.edu, 874-4787
- Secondary: Tanya Roberts (currently on maternity leave), Tanya@uri.edu
- Tertiary: Mark Oliver, opus@uri.edu, 874-4481

Information needed:
- Issue
- Product
- Operating System and Patch Level (run winver.exe at CMD prompt)
- Any actions performed in troubleshooting

Free Information (FAQs, Documentation, etc.): http://knowledge.mcafee.com/

Products
Virus Scan
This year, reviews give the edge to McAfee VirusScan 2006 over the other industry leader, Norton Anti-Virus.[1]

Many features and very customizable:
- Block non-authorized SMTP programs. Note that URI has had to add several programs so users can send email; the most popular programs, such as Thunderbird, Eudora, Outlook, etc., are already included.
- Change daily scan time and frequency (currently daily)
- Change local repository (currently URI, then McAfee)
- Change how often to check for new virus definitions (currently every few hours)

[1] http://www.consumersearch.com/www/software/antivirus-software/index.html

Products
Virus Scan
- Disadvantage: system resource hog during daily scans
- Need to realize that any changes made on a local machine are overridden every 5 minutes by central policy

Products
Anti-Spyware
- Advantage is that it adds approx. 500+ additional definitions for known spyware.
- No additional CPU overhead for running two separate products, as with others (Ad-Aware, Spyware, etc.)
- McAfee paid support for Q&A
- Rated #1 by independent review:
http://www.uri.edu/virus/app/spywarereview.pdf

Products
Anti-Phishing
- Free tool for IE browsers
- Warns and blocks access to spoofed websites (picks up most, does miss some)
- Note: A fake PayPal website looks the same in IE as it does in Firefox
- Download at: www.uri.edu/virus/tools
- Screen shot: http://www.uri.edu/virus/app/phishing.doc

Products
Spam Submission Tool
- Free tool to promote better spam filters, as well as report fake phishing sites.
- Disadvantage: only works with Outlook 2000, XP, 2003 (not Outlook Express)
- Download at: www.uri.edu/virus/tools

Products
Stinger
- Free tool that only runs when initiated and can only detect about 50-60 viruses
- Disadvantage: must be downloaded each time you use it, as it will be out of date
- Advantage: it is very fast as a seek-and-destroy stand-alone tool
- Note: Big misconception that it has a complete list of all viruses. It doesn't.
- Download at: http://vil.nai.com/vil/stinger/ or, a bit out of date, www.uri.edu/virus/tools

Products
SuperDat
- Free package with all virus/spyware definitions
- Note: DATs contain only the last few definitions, and Extra DATs are issued in between DATs when URI detects brand new viruses (which has happened several times)
- Note: Won't install spyware definitions if AntiSpyware is not installed
- Download at: http://www.mcafee.com/apps/downloads/security_updates/superdat.asp or local at www.uri.edu/virus/tools

Products
LinuxShield
- Linux AV protection
- Don't be too cool to install it
- Several Linux machines on campus would have detected hackers installing malicious code and back door programs if it had been used
- This can be monitored and generate reports via ePo console
- Note: Be sure to check and install patches
- RPM and source code available
- Download at: http://www.uri.edu/virus/linux.php

Products
Virex
- Available for OS X
- Current version 7.7 with patch
- This can be monitored and generate reports via ePo console
- The ePo agent is optional
- Download at: http://www.uri.edu/virus/mac.php

Products
PDA
- Protection for Windows Pocket PC only
- URI has seen viruses on PDAs
- Not much overhead; scans on ActiveSync or on demand
- Download at: http://www.uri.edu/virus/pda.php
- Screen shot: http://www.uri.edu/virus/img/ppc.jpg

Products
Firewall
ePo Managed vs. Standalone
- Managed allows an admin to control the firewall rule set on several machines at once, remotely.
- Standalone only gets patches and IPS updates from the ePo server, no policies.
- Managed, on default install, does not allow the user to make rule changes, hides the icon, and has a set of normally needed Microsoft ports blocked.

Products
Firewall
Several Features
- Block IPs, protocols, ports, programs, DNS names (very granular rules)
- Great logs; must choose activity to log, can change location
- Includes several buffer overflow attempt definitions

Firewall Managed

Products
Command Line Scanners
- Available for Windows and many flavors of Linux
- Advantage: no install, just copy and run from cmd prompt
- Example used on a URI email server:
uvscan --noboot --secure -rv --summary --mime <directory>.

Download at: www.uri.edu/virus/tools


ePo Console
- Policy Control based on IP, Workgroup, Domain, Computer Name Policies
- Note: ePo console has to be at the same patch level as the server, so each major patch release requires a local patch; it cannot be applied automatically or remotely
- Same applies to McAfee Firewall regarding patches

ePo Agent
Check ePo agent: http://MachineIP:8081

Virus Scan Control

Firewall

Rogue System Detection

Virus Type Report

ePo Console

To Manually make a computer check for new policy:

Virex ePo

Custom Blocking of Programs

Coming Soon
- NAC: Network Access Control
  http://www.mcafee.com/us/enterprise/products/network_access_control/index.html
- HIPS: Replace McAfee Firewall with Host Intrusion Prevention
  http://www.mcafee.com/us/local_content/datasheets/partners/ds_hips.pdf

Questions
Download Copy of Presentation:
www.uri.edu/virus/app/mcafee.ppt
