0.9 Point Prod VSE Deployment Policy Config


  • 8/18/2019 0.9 Point Prod VSE Deployment Policy Config

    1/58

    ePolicy Orchestrator 5.1 Esse013 McAfee, Inc. All Rights Reserved. 1


    This module reviews client task configuration and functionality. Students will be shown the process of deploying point products from ePO, along with information on troubleshooting product deployment.

    This module also covers the steps involved in configuring a Point Product’s available policy settings and then validating and troubleshooting the enforcement on the managed endpoint(s).


    In addition to managing security products, ePolicy Orchestrator can deploy products, components, and updates to the desired managed systems. You can perform these actions as needed, or you can schedule them using client and server tasks.

    Client Tasks

    Client tasks help automate how you manage systems in the network. They are commonly used for the following activities.

    • Product deployment
    • Product functionality; for example, the VirusScan Enterprise (VSE) On-Demand Scan task.
    • Upgrades and updates

    The extension files installed on the ePO server determine which client tasks are available.

    Server Tasks

    Server tasks are configurable actions that run on your ePO server on a schedule. You can leverage server tasks to help automate repetitive tasks that need to be performed on your server. McAfee ePO software includes preconfigured server tasks and actions by default. Most of the additional software products you manage with your ePO server also add preconfigured server tasks. Some example server tasks are:

    • Disaster Recovery Snapshot Server: Create a Disaster Recovery Snapshot on a daily basis.
    • Purge Threat and Client Events Older than 90 Days.
    • Duplicate Agent GUID: clear error count: Clear Sequence Error Count for systems that have not recently reported duplicate activities.
    • Duplicate Agent GUID - remove systems with potentially duplicated GUIDs: Delete systems whose sequence error count has exceeded the threshold and add Agent GUID to duplicate list.


    • Query: run a query on a regular basis.


    Client Tasks

    You manage client tasks from the Client Task Catalog page. Go to: Menu > Policy > Client Task Catalog. The Client Task Catalog page opens.

    Server Tasks

    You manage server tasks from the Server Tasks page. Go to: Menu > Automation > Server Tasks. The Server Tasks page opens.


    Client and server tasks help automate the process of managing the security software deployed to the systems on the network.

    Client and Server Task Workflow

    Follow these high-level steps when creating client and server tasks for the first time.

    1. Plan the client tasks you want to automate; for example, deploy product software, perform product updates, and more.
    2. Create and assign client tasks to specific groups and systems.
    3. Create server tasks to keep the repositories up-to-date and to automate server maintenance tasks.
    4. Schedule tasks to run automatically.


    The Client Task Catalog Actions menu specifies actions you can perform for the selected object, including:

    • Import: Opens the Import page, where you can import Client Task objects from an XML file. When importing a file containing multiple Client Task objects, you can choose which tasks to import. NOTE: If you choose to import a Client Task object that is identical to an existing Client Task, the existing object is overwritten.
    • Export All: Opens the Export page, where you can export an XML file containing all client task objects for the products listed in the Task Type pane. Use this action when you want to create an XML file that you can import into this or other ePO servers. NOTE: Performing this action does not delete the client task objects from the server.


    In each row containing a client task, you can perform these actions for the selected task:

    Click the name of the client task to modify the details of this object. Changing a client task object affects all instances where this object is assigned.

    • Name column: Name of the client task.
    • Owners column: Displays the Task Ownership page, where you can view and change the client task's owner.
    • Assignments: Opens the Task Assignments page, where you can view the current client task assignments.


    Actions column: Contains several options:

    • Delete: Deletes the selected object from the Client Task Catalog.
    • Duplicate: Creates a copy of the selected client task object.
    • Assign: Opens the Select a group to assign the task page, where you can identify a group in your System Tree to assign this task. Selecting a group and clicking OK opens the Client Task Assignment Builder, where you can complete the assignment process.
    • Share/Unshare: Shares or unshares the selected client task object. To share a client task object with other ePO servers in your environment, you must have another ePO server registered with this ePO. In addition, a Share Client Tasks server task must be created and enabled.


    The New Task button is used to create a new client task object.


    You can use client tasks to automatically deploy product software, perform product updates, and more. The process is similar for all client tasks. In some cases you must create a new client task assignment to associate a client task to a System Tree group.

    Complete these steps from the ePO console. For option definitions, click ? in the interface.

    1. Go to the Client Task Catalog page (Menu > Policy > Client Task Catalog).
    2. Select a Client Task Type in the left pane; for example, McAfee Agent > Product Update.
    3. Click Actions > New Task (or click the New Task button).
    4. Select a task type from the list, then click OK. The Client Task Builder wizard opens.
    5. Type a name for the task you are creating, add a description (optional), then configure the settings specific to the task type you are creating. The configuration options change depending on the task type selected.
    6. Review the task settings, then click Save. The task is added to the list of client tasks for the selected client task type.


    Complete these steps from the Client Task Catalog page to edit a client task:

    1. Select a Client Task Type in the left pane; for example, McAfee Agent > Product Update.
    2. Select a client task in the right pane.
    3. Click the client task name in the Name column.
    4. Edit the settings, as needed, then click Save.


    Complete these steps from the Client Task Catalog page to delete a client task:

    1. Select a Client Task Type in the left pane; for example, McAfee Agent > Product Update.
    2. Select a client task in the right pane.
    3. Click the Delete link for the selected task.
    4. When prompted, click OK.


    Complete these steps from the Client Task Catalog page:

    1. Select a Client Task Type in the left pane; for example, McAfee Agent > Product Update.
    2. Select a client task in the right pane.
    3. Click the Duplicate link for the selected task.
    4. Enter task name, then click OK.
    5. Use the Client Task Builder wizard to finish the setup. The steps are similar to those for creating a new task.


    Client tasks in the Client Task Catalog must be assigned to the managed systems to take effect. When you click the Assign link, you are prompted to specify the System Tree group where you want to assign the client task object, then the Client Task Assignment Builder opens. Client Tasks are inherited by any managed system in or below the group you specify.


    Task to Schedule

    Use the options in this section to specify settings, including:

    • Product: Select the managed product from this list that provides the Client Task object you want to assign. For example, select the McAfee Agent product category to display McAfee Agent Client Task objects. Choices in this list are dependent on the managed product extensions checked into your ePO server.
    • Task Type: Specify which task type you want to assign. Each managed product has a predefined set of task types you can employ.
    • Task Name: Choices in this list are dependent on the Client Task objects you create. You can create Client Task objects using the Client Task Catalog, or create one now by clicking Create New Task. When you create a new Client Task object, it is stored in the Client Task Catalog.

    Created at

    This field identifies the System Tree location where this Client Task Assignment is enforced. By default, all groups and systems below this location inherit this assignment unless you break inheritance manually.

    Lock Task Inheritance

    Specify whether task inheritance is:

    • Locked: Managed systems below this location cannot have inheritance broken.
    • Unlocked: Managed systems below this location can have inheritance broken.

    NOTE: When inheritance is locked, only the Client Task owner, Global Administrators, or users with specific permissions can unlock inheritance. The owner is the user who created the Client Task object.

    Tags

    Use this setting to use Tags to include or exclude tagged managed systems from this assignment. For example, if you assign a Client Task at the My Organization level in the System Tree, and choose to send this assignment only to systems with the Server tag, any system in the My Organization group that does not have the Server tag will not receive this task.

    NOTE: You cannot create and apply tags to your managed systems while creating or managing Client Task Assignments. The tags must already be created and assigned. For more information on creating and applying tags, see Tags and how they work in the ePolicy Orchestrator Product Guide.
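
    The Created at, Lock Task Inheritance and Tags settings together decide which managed systems actually receive a task, which is what you check when auditing whether every endpoint gets its update or scan task. The following added example is not part of the course material or of ePO; it is a simplified Python model of those rules, and the tree, system names, the Decommissioned tag and the exact include/exclude tag semantics are constructed assumptions.

```python
"""Simplified model of client task assignment resolution (illustration only).

Assumptions, not ePO internals: when "include" tags are set a system needs at
least one of them, and a system carrying any "exclude" tag is filtered out.
"""
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    is_system: bool = False
    tags: frozenset = frozenset()
    breaks_inheritance: bool = False  # inheritance broken manually at this node
    children: list = field(default_factory=list)


@dataclass
class Assignment:
    task_name: str
    created_at: str                   # System Tree location of the assignment
    locked: bool = False              # Lock Task Inheritance
    include_tags: frozenset = frozenset()
    exclude_tags: frozenset = frozenset()


def find(node, name):
    """Depth-first lookup of a group or system by name."""
    if node.name == name:
        return node
    for child in node.children:
        hit = find(child, name)
        if hit is not None:
            return hit
    return None


def resolve(root, assignment):
    """Return (receiving, skipped): sorted system names, and name -> reason."""
    start = find(root, assignment.created_at)
    if start is None:
        raise ValueError(f"unknown System Tree location: {assignment.created_at}")
    receiving, skipped = [], {}

    def walk(node, inherited):
        # Broken inheritance only matters below the assignment point, and a
        # locked assignment cannot have its inheritance broken at all.
        if node is not start and node.breaks_inheritance and not assignment.locked:
            inherited = False
        if node.is_system:
            if not inherited:
                skipped[node.name] = "inheritance broken"
            elif assignment.include_tags and not (node.tags & assignment.include_tags):
                skipped[node.name] = "missing required tag"
            elif node.tags & assignment.exclude_tags:
                skipped[node.name] = "excluded by tag"
            else:
                receiving.append(node.name)
        for child in node.children:
            walk(child, inherited)

    walk(start, True)
    return sorted(receiving), skipped


def build_sample_tree():
    """Constructed sample System Tree; all names and tags are made up."""
    def system(name, *tags):
        return Node(name, is_system=True, tags=frozenset(tags))

    return Node("My Organization", children=[
        Node("Servers", children=[
            system("srv01", "Server"),
            system("srv02", "Server", "Decommissioned"),
        ]),
        # Someone saved a task at this subgroup, which broke inheritance.
        Node("Workstations", breaks_inheritance=True, children=[
            system("ws01"),
            system("ws02", "Server"),
        ]),
        Node("Laptops", children=[system("lt01")]),
    ])


if __name__ == "__main__":
    tree = build_sample_tree()
    for a in (
        Assignment("Daily DAT Update", "My Organization"),
        Assignment("Daily DAT Update", "My Organization", locked=True),
        Assignment("On-Demand Scan", "My Organization", locked=True,
                   include_tags=frozenset({"Server"}),
                   exclude_tags=frozenset({"Decommissioned"})),
    ):
        got, missed = resolve(tree, a)
        print(f"{a.task_name} (locked={a.locked}): receives={got} skipped={missed}")
```

    The first case shows the coverage gap to look for: an unlocked update task assigned at My Organization never reaches the two systems under the group where inheritance was broken.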


    Client tasks run on the clients and are typically scheduled to run at a specific time. They are different from policies because they are an action that the client must perform at a predetermined time.

    In this next step, enter the scheduling parameters, then click the Next button in the bottom right corner. See the next page for information about the fields.


    Schedule status

    Specifies whether the task runs according to its schedule. If the schedule is disabled, the task can be run only from the System Tree > Systems page by clicking Actions > Agent > Run Client Task Now, or as a Server Task action.

    Schedule type

    Specifies the time interval for running the client task. Options include:

    • Daily: Specifies that the task runs every day, at a specific time, on a recurring basis between two times of the day, or a combination of both.
    • Weekly: Specifies that the task runs on a weekly basis. Such a task can be scheduled to run on a specific weekday, all weekdays, weekends, or a combination of them. You can schedule such a task to run at a specific time of the selected days, or on a recurring basis between two times of the selected days.
    • Monthly: Specifies that the task runs on a monthly basis. Such a task can be scheduled to run on one or more specific days of each month at a specific time.
    • Once: Starts the task on the time and date you specify.
    • At System Startup: Starts the task the next time you start the server.
    • At logon: Starts the task the next time you log on to the server.
    • When idle: Starts the task the next time the client goes idle. Once initiated, the task continues to run until it is complete, even if the system does not stay idle. Note: After the task is run the first time, it is not run again.
    • Run immediately: Starts the task immediately.
    • Run on dialup: Starts the task the next time that the managed system establishes a dialup connection to the network.

    Effective period

    Specify the following:

    • End date: The date on which the client task stops being available to run at the scheduled intervals.
    • Start date: The date on which the client task is available to begin running at the scheduled intervals.

    Start time

    Specify the time at which this task should begin, as well as whether to run the task only once at the Start time or to continue running until a later time. You can also specify the interval at which the task runs during this period.

    Task runs according to

    Specifies whether the task schedule runs according to the local time on the managed system or Coordinated Universal Time (UTC).

    Options

    Specifies how the task behaves and the actions that can be taken if the task runs too long, or whether the task should run if it was missed. Options include:

    • Enable randomization X hours Y minutes: Specifies that this task runs randomly within the time you specify. Otherwise, this task starts at the scheduled time regardless of whether other client tasks are scheduled to run at the same time.
    • Run missed task X minute delay: Runs the task after a user-configured number of minutes once the managed system is restarted.
    • Stop the task if it runs for X hours Y minutes: Stops the task when it has run for a user-configured amount of time.


    Consider the following when creating and scheduling client update tasks:

    • Create a task to update DAT and engine files daily at the highest level of the Directory that is inherited by all systems. If your organization is large, you can use randomization intervals to mitigate the bandwidth impact of all systems updating at the same time. Also, for large networks with offices in different time zones, running the task at the local system time on the managed system, rather than at the same time for all systems, helps balance network load.
    • Schedule the update task at least an hour after the scheduled replication task, if you are using scheduled replication tasks.
    • Run update tasks for DAT and engine files at least once a day. Managed systems can be logged off from the network and miss the scheduled task; running the task frequently ensures these systems receive the update.
    • Maximize bandwidth efficiency and create several scheduled client update tasks that update separate components and run at different times. For example, you can create one update task to update only DAT files, then create another to update both DAT and engine files weekly or monthly (engine packages are released less frequently).
    • Create and schedule additional update tasks for products that do not use the agent for Windows.
    • Use the Run missed task option. This can be useful if systems are logged off from the network at the scheduled update time, ensuring they update after logging onto the network.


    After completing the steps using the Client Task Assignment Builder, verify the configuration. If necessary, use the Back button to return to a previous step to make changes. When you are satisfied with the settings, click Save.


    Client tasks can be set at a group or machine level and are always inherited by the groups or machines below them. Customers should always try to set their client tasks at the highest point of their directory tree, like the My Organization level. This reduces the number of tasks they will have to manage and keeps administration overhead to a minimum.

    You can see when systems or groups are not inheriting a task. You can select the blue hyperlink, select the systems or groups, and reset the inheritance on the desired nodes.


    Use this task to edit a client task’s settings or schedule information for any existing task.

    1. Go to System Tree > Actions > Agent > Modify Tasks on a Single System.
    2. Click the task name to edit the task, or click the blue Edit Assignment hyperlink to modify which systems it is assigned to.
    3. Edit the task settings as needed, then click Save.

    The managed systems receive these changes the next time the agents communicate with the server.

    Note that saving an inherited task at the subgroup level breaks the task’s inheritance.


    Some commonly-used client tasks are described below. We will take a closer look at these tasks in the following sections.

    McAfee Agent:

    • McAfee Agent Statistics: Collects the network bandwidth saved by the RelayServer and SuperAgent hierarchical features.
    • McAfee Agent Wakeup: Triggers an immediate Agent-Server Communication. This applies to Windows operating systems only.
    • Mirror Repositories: Specifies a location on the managed system to replicate contents from the repository. This applies to Windows operating systems only.
    • Product Deployment: Install a product on managed systems.
    • Product Update: Update a product on managed systems.

    VirusScan Enterprise: Perform On-Demand Scan and Restore From Quarantine.

    NOTE: Client tasks in the Client Task Catalog must be assigned to the managed systems to take effect.


    You can configure the McAfee Agent Statistics task to collect the network bandwidth saved by the RelayServer and SuperAgent hierarchical features.

    Creating a New Task

    The steps are:

    1. Provide a name for the task.
    2. Optionally, provide a description of the task's purpose.
    3. Select from the Statistics Options.

    • RelayServer Statistics: Collects these statistics from the client systems:
        o Number of failed connections to the RelayServers
        o Number of attempts made to connect to the RelayServer after the maximum allowed connections
    • SuperAgent Hierarchical Update Statistics: Collects the network bandwidth saved by use of SuperAgent hierarchy.

    Agent Relay Capability

    If your network configuration blocks communication between the McAfee Agent and the McAfee ePO server, the agent can't receive content updates, policies, or send events. Relay capability can be enabled on agents that have direct connectivity to the ePO server or Agent Handlers to bridge communication between the client systems and the McAfee ePO server. You can configure more than one agent as a RelayServer to maintain network load balance.

    SuperAgent Hierarchical Capability

    You can create a hierarchy to avoid repetitive download of the content update from the ePO server or distributed repository. It is recommended to have a three-level hierarchy of SuperAgents in your network.


    The Mirror Repositories page specifies a location on the managed system to replicate contents from the repository. The repository this task uses is selected based on policy selections on the Repositories tab of the agent policy pages.

    Creating a New Mirror Repositories (Windows only) Task

    The steps are:

    1. Provide a name for the task.
    2. Optionally, provide a description of the task's purpose.
    3. Specify the path and folder where the repository contents are copied. The repository selected is based on policy selections on the Repositories tab of the agent policy pages.


    Fields and Descriptions

    • Task Name: Provide a name for the task.
    • Description: An optional description of the task's purpose.
    • Target platforms: Specifies all platforms where these packages are deployed.
    • Products and components: Select the products and components to deploy when this task runs. If you do not see the product you want to deploy listed here, you must first check in that product’s software package. Select Add (+) or Delete (-) to add or delete products from the list. For each product:
        o Specify the Action, Language, and Branch.
        o Optionally, specify command-line update options by typing the desired command.
    • Options: Select Run at every policy enforcement (Windows only) to ensure the deployment occurs again at the policy enforcement interval if a user has removed the product or component.
    • Postpone Deployment dialog box (Windows systems only): Select Allow end users to postpone this update to give the user the option to postpone the update; for example, if users are in the middle of an important task, they can postpone the update to finish the task, or at least close any open applications.
    • Maximum number of postpones allowed: Specifies the number of times a user can postpone the update. Defaults to 1.
    • Option to postpone expires after (seconds): Specifies how long the option to postpone exists. Once this threshold is passed, the update begins. Defaults to 20 seconds.


    • Display this text: Specifies a message displayed in the Postpone Update dialog box.


    Use this task to deploy products to a single system using the Product Deployment task.

    Create a Product Deployment client task for a single system when that system requires:

    • A product installed which other systems within the same group do not require.
    • A different schedule than other systems in the group. For example, if a system is located in a different time zone than its peers.

    Steps

    1. Go to System Tree > Systems, then select the group in the System Tree which contains the desired system.
    2. Select the checkbox next to the desired system.
    3. Click Actions > Agent > Modify Tasks on a Single System. The list of tasks assigned to this system appears.
    4. Click Actions > New Client Task Assignment. The Description page of the Client Task Assignment Builder appears.
    5. Select McAfee Agent > Product Deployment from the Task information screens.
    6. Click Create New Task.
    7. Add any descriptive information to the Notes field. The information you add here is only visible when you open the task at the system for which you are configuring the task.


    8. Select the desired platforms to which you are deploying the packages.
    9. Next to Products to deploy, select the desired product from the first drop-down list. The products listed are those for which you have already checked in a package file to the master repository. If you do not see the product you want to deploy listed here, you must first check in that product’s package file.
    10. Set the Action to Install, then select the language version of the package.
    11. To specify command-line install options, type the desired command-line options in the Command line text field. See the product documentation for information on command-line options of the product you are installing.
    12. Click Save.
    13. Select your newly created task and click Next. The Schedule page appears.
    14. Schedule the task as needed, then click Next. The Summary page appears.
    15. Review and verify the details of the Product Deployment task, then click Save.


    Product Update page (Client Task Configuration)

    The Product Update page is where you configure how the McAfee Agent updates packages, signatures, and engines on managed systems.


    When you are configuring the options for updating signatures, engines, patches, service packs, and any other update types, it is important to keep in mind that the McAfee Agent policy is where you configure the location and the desired repositories that you want the system to access for updates.

    The product update task lists the package types that you can update. If, for example, the customer wants to control the update for a new engine version, then they will need to configure both the policy location and the task.


    After you have client tasks defined in the Client Task Catalog, you can select systems in the System Tree and select the McAfee Agent action Run Client Task Now.


    You can then select the task you wish to run. Once you click the Run Task Now button, a Status bar shows the status of the task on each system you selected to run it on.


    The administrator will need to check product installation software in to the ePO 5.1 Master Repository for deployment to systems. This can be done manually through the Master Repository or automatically through the Software Manager.

    Customers can download their licensed software from the McAfee downloads site or through the Software Manager.

    To manually download McAfee products, updates, and documentation, visit the Downloads page at http://www.mcafee.com/us/downloads/downloads.aspx.

    To download through the Software Manager:

    1. Log on to the ePO console.
    2. Click Menu.
    3. Click Software, Software Manager.
    4. Under Software Not Checked In, select the product you wish to download or check in from the Product list in the detail pane.
    5. Under the details, select to check in all components or select them individually. You can select to check in, download, remove, or update components.

    Checked in packages are displayed on the Master Repository page. Successfully checked in products will display:

    • Install listed in the Type column


    • OK listed in the Status column


    You can check in deployment packages manually to the Master Repository so that the ePO server can deploy them. The Check In Package button launches the Check in Package wizard. Use this to browse to a new package to be checked in to the server.


    A product’s extension must be installed before ePolicy Orchestrator can manage the product.

    The Extension page is used to upload the files needed by point products to be managed through ePO. For example, Vulnerability Manager has an extension that ensures, among other things, that the proper menus are added to ePO for administration.

    To bring products under management:

    1. From the ePO console, click Menu > Software > Extensions > Install Extension.
    2. Browse to and select the extension file, then click OK.
    3. Verify that the product name appears in the Extensions list.


    Deploying security products to managed systems using a deployment project allows the customer to easily select products to deploy, the target systems, and schedule the deployment.

    Customers can use the Product Deployment page to display the configuration and status of currently configured deployment projects. Plus, you can edit, delete, duplicate, start, stop and uninstall deployment projects using this page.

    To create a new deployment project:

    1. Click Menu > Software > Product Deployment.

    2. Click New Deployment to open the New Deployment page to start a new project.

    3. Type a Name and Description for this deployment. This name appears on the Deployment page

    after the deployment is saved.

    4. Choose the type of deployment:

    • Continuous – Uses your System Tree groups or tags to configure the systems receiving the

    deployment. This allows these systems to change over time as they are added or removed from

    the groups or tags.

    • Fixed – Uses a fixed, or defined, set of systems to receive the deployment. System selection is

    done using your System Tree or Managed System Queries table output.

    5. To specify which software to deploy, select a product from the Package list. Click + and – to add or

    remove packages.

    6. In the Command line text field, specify any command-line installation options.

    NOTE: After you choose the type of deployment, either Fixed or Continuous, the menu options in

    the Select the systems area (in the ‘Select Systems’ window) change.

    7. In the Select the systems section, click Select Systems to open the System Selection dialog box.

    The System Selection dialog box is a filter that allows you to select groups in your System Tree,

    Tags, or a subset of grouped and/or tagged systems. The selections you make in each tab within

    this dialog box are concatenated to filter the complete set of target systems for your deployment.

    For example, if your System Tree contains, “Group A,” which includes both Servers and

    Workstations, you can target the entire group, just the Servers or Workstations (if they are tagged

    accordingly), or a subset of either system type in group A.

    8. Pick a start time or schedule for your deployment:

    • Run Immediately – Starts the deployment task during the next ASCI.

    • Once  – Opens the scheduler so you can configure the start date, time, and randomization.

    9. When finished, click Save at the top of the page.
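
    The difference between Continuous and Fixed targeting in steps 4 and 7, as an added Python model (not ePO code and not part of the original course material). The system, group and tag names are constructed, and the model assumes that group and tag selections are combined with AND and that a Fixed deployment captures its systems when it is saved.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class System:
    name: str
    group: str                          # System Tree group (constructed names)
    tags: frozenset = frozenset()

@dataclass
class Deployment:
    kind: str                           # "continuous" or "fixed"
    groups: set = field(default_factory=set)
    tags: set = field(default_factory=set)
    pinned: frozenset = frozenset()     # fixed only: names captured at save time

    def matches(self, s):
        # Assumption: group and tag selections are ANDed together, and an
        # empty selection on either tab places no restriction.
        in_group = not self.groups or s.group in self.groups
        has_tag = not self.tags or bool(self.tags & s.tags)
        return in_group and has_tag

    def save(self, inventory):
        """A fixed deployment records its target systems once, when saved."""
        if self.kind == "fixed":
            self.pinned = frozenset(s.name for s in inventory if self.matches(s))
        return self

    def targets(self, inventory):
        """Names of the systems that receive the deployment right now."""
        if self.kind == "fixed":
            return sorted(s.name for s in inventory if s.name in self.pinned)
        return sorted(s.name for s in inventory if self.matches(s))

def coverage_gap(deployment, inventory):
    """Systems that fit the selection criteria but are not being targeted."""
    hit = set(deployment.targets(inventory))
    return sorted(s.name for s in inventory
                  if deployment.matches(s) and s.name not in hit)

# Constructed inventory: "Group A" holds both servers and workstations.
DAY_1 = [
    System("srv-01", "Group A", frozenset({"Server"})),
    System("wks-01", "Group A", frozenset({"Workstation"})),
    System("srv-09", "Group B", frozenset({"Server"})),
]
# A new server is added to Group A after both deployments were saved.
DAY_2 = DAY_1 + [System("srv-02", "Group A", frozenset({"Server"}))]

if __name__ == "__main__":
    fixed = Deployment("fixed", {"Group A"}, {"Server"}).save(DAY_1)
    print(coverage_gap(fixed, DAY_2))
```

    In this model, a server that joins Group A after a Fixed deployment was saved shows up in `coverage_gap`, while the Continuous deployment picks it up on its own.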

    After saving the task, the Product Deployment page opens with your new project added to the list of

    deployments.

    After you create a deployment project, a client task is automatically created with the deployment

    settings.

    You can click on the System Actions button to display the list of systems in a new page where you can

    perform system-specific actions on the systems you select.

    Troubleshooting Product Deployment Issues

    1. Validate that the agent(s) received the task.

    a. Validate that the task is present on the client.

    Check for its presence in the Datastore.bin file.

    Check for the corresponding task ini file in the agent’s task folder.

    b. If the task was not received, validate that the agent is communicating with ePO. If it is failing to

    communicate, investigate as an agent-to-server communication problem (check the

    Agent_.log file).

    2. On the ePO server side, review the server.log file to validate that the task was provided without

    errors.

    3. Validate that the agents executed the task at the scheduled time. Check the

    Agent_.log and McScript.log files.

    4. Is the task being written to the registry?

    a. Use PROCMON to capture whether an attempt is made to write the task (policy) to the registry. If it

    is and access was denied, then we know it to be a permissions-related issue.

    It’s this type of troubleshooting methodology that will help you identify where the failure is occurring

    and why.

    NOTE: When ePO deploys a product, it only pushes out the files to the client and starts the

    installation. Any problems with providing the files or starting the installation are generally the

    fault of the deployment task. Any problems after that lie with the application/point product.

    Managing products from a single location is a central feature of ePolicy Orchestrator. This is

    accomplished through application and enforcement of product policies. Policies ensure a product’s features are configured correctly, while client tasks are the scheduled actions that run on the

    managed systems hosting any client-side software.

    A policy is a collection of settings that you create and configure, then enforce. Policies make sure that

    the managed security software products are configured and perform accordingly. Some policy settings are the same as the settings you configure in the interface of the product installed on the

    managed system. Other policy settings are the primary interface for configuring the product or

    component. The ePolicy Orchestrator console allows you to configure policy settings for all products

    and systems from a central location.

    Each McAfee product Extension file within the ePO repository is represented in the Policy Catalog list.

    Generally, by default, only two named policy objects exist for each product policy. One is named

    McAfee Default, and cannot be renamed, edited, or deleted (but can be duplicated). The other policy

    is named My Default and this policy can be edited, renamed, duplicated, deleted, or exported.

    Policy objects are managed from within the Policy Catalog. From here policies can be viewed,

    duplicated, copied, enforced, and policy assignments can be viewed. However, policies cannot be

    assigned to System Tree nodes from within the catalog. In order to assign a policy to a System Tree

    node the node itself must be selected.

    Policy categories

    Policy settings for most products are grouped by category. Each policy category refers to a specific

    subset of policy settings. Policies are created by category. In the Policy Catalog page, policies are

    displayed by product and category. When you open an existing policy or create a policy, the policy

    settings are organized across tabs.

    The product configuration options on the managed system are almost identical to those specified

    through the product policies in ePO, as shown here. The left graphic shows Access Protection configured locally on a system running VirusScan Enterprise. The right graphic shows how this same

    configuration can be enforced using ePO product policies.

    It is likely that most systems within any environment will require identical or very similar

    configurations. A small minority of systems may require radically different settings from the majority. The purpose of policy objects and inheritance is to allow the described scenario (or any given

    scenario) to be implemented with as little effort as possible.

    Policy inheritance is the concept of a higher-level policy assignment being applied to a lower-level

    node.

    Policy assignment is the allocation of a specific named policy object at a specific node within the ePO

    System Tree.
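
    Policy assignment and inheritance as defined above, in an added Python model (not ePO code and not part of the original course material). The tree, the "Lab Exceptions" policy name and the category label are constructed for illustration; the second function lists the nodes whose own assignment overrides what they would otherwise inherit.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """A System Tree node (group or system) with optional policy assignments."""
    name: str
    parent: "Node | None" = None
    # (product, category) -> name of the policy object assigned AT this node
    assigned: dict = field(default_factory=dict)

    def path(self):
        return self.name if self.parent is None else f"{self.parent.path()}/{self.name}"

def effective_policy(node, product, category):
    """Return (policy name, path of the node where it is assigned).

    Walks up the tree: the nearest assignment at or above the node wins,
    which is how a higher-level assignment applies to lower-level nodes.
    """
    cur = node
    while cur is not None:
        policy = cur.assigned.get((product, category))
        if policy is not None:
            return policy, cur.path()
        cur = cur.parent
    raise LookupError(f"no {product}/{category} assignment above {node.path()}")

def deviations(nodes, product, category):
    """Nodes whose own assignment differs from the policy they would inherit."""
    out = []
    for n in nodes:
        own = n.assigned.get((product, category))
        if own is None or n.parent is None:
            continue
        inherited, _ = effective_policy(n.parent, product, category)
        if own != inherited:
            out.append((n.path(), own, inherited))
    return out

# Constructed tree: most systems inherit "My Default"; one group differs.
KEY = ("VirusScan Enterprise", "Access Protection")   # category label assumed
root = Node("Root", assigned={KEY: "My Default"})
servers = Node("Servers", root)
labs = Node("Labs", root, {KEY: "Lab Exceptions"})    # hypothetical policy name
db01 = Node("db01", servers)
lab07 = Node("lab07", labs)
ALL = [root, servers, labs, db01, lab07]

if __name__ == "__main__":
    print(effective_policy(lab07, *KEY), deviations(ALL, *KEY))
```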

    You can create a new policy from the Policy Catalog by clicking the button at the top left-hand side of

    the Policy Catalog page labeled New Policy. This allows you to base the new policy on a duplicate of an existing policy object. Policies created here are by default not assigned to any groups or systems. When you create a policy here, you are adding a custom policy to the Policy Catalog. You can create policies before or after a product is deployed.

    In addition to specifying how the policy obtains its initial configuration, you must specify the name. After the policy is created, you can change inheritance and any configuration contained within the policy.

    To create a new policy:

    1. Click Menu on the navigation bar. Select Policy Catalog within the Policy section.

    2. Select the Product and Category from the drop-down lists. All created policies for the selected

    category appear in the details pane.

    3. Click the New Policy button. The Create new policy dialog appears.

    4. Select the policy you want to duplicate from the Create a policy based on this existing policy drop-down list. Type a name for the new policy and click OK.

    When policies are enforced

    When you reconfigure policy settings, the new settings are delivered to, and enforced on, the managed systems at the next agent-to-server communication.

    Once the policy settings are in effect on the managed system, the agent continues to enforce policy

    settings locally at the regular interval. This enforcement interval is determined by the Policy

    enforcement interval setting on the General tab of the McAfee Agent policy pages.

    Policy settings for McAfee products are enforced immediately at the policy enforcement interval, and

    at each agent-to-server communication if policy settings have changed.

    Troubleshooting Point Product Policy Enforcement

    1. Is the policy set up correctly?

    a. VSE splits policies between workstation and server OSes.

    2. Has an agent wakeup occurred since saving the policy?

    3. Is the target client(s) receiving the policy?

    a. Check the Agent_.log and Datastore.bin files.

    4. Use PROCMON to capture whether an attempt is made to write the policy to the registry. If it is and

    access was denied, then we know it to be a permissions-related issue.
