45
Product Guide Revision A McAfee Client Proxy 2.1.2 For Windows and Mac OS For use with McAfee ePolicy Orchestrator

Revision A Product Guide - McAfee · View end-user installation data ... Important advice to protect your computer system, software installation, ... 4 Create policies that meet the

  • Upload
    haphuc

  • View
    212

  • Download
    0

Embed Size (px)

Citation preview

Product GuideRevision A

McAfee Client Proxy 2.1.2For Windows and Mac OS

For use with McAfee ePolicy Orchestrator

COPYRIGHT

Copyright © 2016 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Contents

Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1 Introduction 7How Client Proxy works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Deployment options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Managing McAfee Client Proxy with McAfee ePO2 Completing the setup using McAfee ePO 13

Supported McAfee ePO versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Check the system requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Download and install the product files . . . . . . . . . . . . . . . . . . . . . . . . . 14Install the Client Proxy extension . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Check in the Client Proxy client package . . . . . . . . . . . . . . . . . . . . . . . . 15Install Client Proxy software using McAfee ePO . . . . . . . . . . . . . . . . . . . . . . 15

3 Configuring and using McAfee Client Proxy with McAfee ePO 17Policy options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Proxy server list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Bypass list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Block list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Configure a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Configure the proxy servers . . . . . . . . . . . . . . . . . . . . . . . . . . 19Configure the client settings . . . . . . . . . . . . . . . . . . . . . . . . . . 20Configure the bypass list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Configure the block list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Assign the policy using McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . 21

Users and permission sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22View end-user installation data . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Suspending policy enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Generate a release code . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Export the policy to an XML file . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

4 Maintaining McAfee Client Proxy using McAfee ePO 27Upgrade Client Proxy using McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . 27Install a hotfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Uninstall Client Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Remove the extension from McAfee ePO . . . . . . . . . . . . . . . . . . . . . 29Remove Client Proxy software using McAfee ePO . . . . . . . . . . . . . . . . . . 29

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

3

Managing McAfee Client Proxy with McAfee SaaS WebProtection Control Console

5 Completing the setup using the Control Console 33Check the system requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Download and install the product files . . . . . . . . . . . . . . . . . . . . . . . . . 34

6 Configuring Client Proxy using the Control Console 35Policy options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Create a policy using the Control Console . . . . . . . . . . . . . . . . . . . . . . . . 37

Configure the proxy servers . . . . . . . . . . . . . . . . . . . . . . . . . . 37Configure the bypass list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Configure the block list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Deploy to end-user computers using other systems . . . . . . . . . . . . . . . . . . . . 39View information about Client Proxy on a Windows-based computer . . . . . . . . . . . . . 39View information about Client Proxy on an OS X computer . . . . . . . . . . . . . . . . . 39Suspend policy enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

7 Maintaining McAfee Client Proxy on your system 41Upgrade McAfee Client Proxy on your system . . . . . . . . . . . . . . . . . . . . . . 41Install a hotfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Remove Client Proxy software using Windows uninstall tool . . . . . . . . . . . . . . . . . 42

Index 43

Contents

4 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Preface

This guide provides the information you need to work with your McAfee product.

Contents About this guide Find product documentation Conventions

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

• Security officers — People who determine sensitive and confidential data, and define thecorporate policy that protects the company's intellectual property.

Find product documentationOn the ServicePortal, you can find information about a released product, including productdocumentation, technical articles, and more.

Task1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

2 In the Knowledge Base pane under Content Source, click Product Documentation.

3 Select a product and version, then click Search to display a list of documents.

ConventionsThis guide uses these typographical conventions and icons.

Italic Title of a book, chapter, or topic; a new term; emphasis

Bold Text that is emphasized

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

5

Monospace Commands and other text that the user types; a code sample; a displayed message

Narrow Bold Words from the product interface like options, menus, buttons, and dialog boxes

Hypertext blue A link to a topic or to an external website

Note: Extra information to emphasize a point, remind the reader of something, orprovide an alternative method

Tip: Best practice information

Caution: Important advice to protect your computer system, software installation,network, business, or data

Warning: Critical advice to prevent bodily harm when using a hardware product

PrefaceConventions

6 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

1 Introduction

McAfee®

Client Proxy is endpoint client software for Microsoft Windows and Mac OS X that is anessential component of the McAfee

®

Web Protection hybrid deployment solution. The Client Proxytechnology allows you to apply your organization's web security policy to a computer, regardless of itslocation.

Contents How Client Proxy works Deployment options

1

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

7

How Client Proxy worksMcAfee Client Proxy extends network security solutions to computers outside the corporate network.End users receive automatic protection, regardless of their location (for example, a laptop or mobilecomputing device in a hotel or coffee shop).

McAfee Client Proxy redirects web traffic and network communications to either a McAfee®

WebGateway appliance or McAfee

®

SaaS Web Protection service. Regardless of the location of the end-userdevice (whether it is inside the corporate network, connected by VPN, or outside the corporatenetwork), the Client Proxy software enforces your organization's policies. It determines whether toroute the web request, deny access, or bypass a proxy server.

Figure 1-1 Client Proxy workflow

1 IntroductionHow Client Proxy works

8 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

When an end user is working within the corporate network, Client Proxy software:1 Communicates with McAfee

®

ePolicy Orchestrator®

(McAfee ePO™

) or other servers configured withinthe policy.

2 Recognizes that the end user is working within the corporate network.

3 Remains passive, allowing web traffic and network communications to pass through.

When an end user is working outside the corporate network, Client Proxy software:1 Recognizes that the end user is working outside the corporate network.

2 Redirects all web traffic and network communications to the McAfee SaaS Web Protection service.

All web traffic and network communication requests sent by Client Proxy to the SaaS WebProtection Service include end-user and AD group information that is applied to your organization'spolicy.

3 If the sent end-user information is mapped to a SaaS Web Protection service user account, theClient Proxy software applies the associated policy to the existing user account.

• If McAfee SaaS Web Protection does not recognize the sent end-user information as amapped SaaS Web Protection user account, Client Proxy software applies the AD groupinformation. If one or more AD groups match the end-user information, SaaS WebProtection service applies the associated policy or a combination of associated policies.

• When the sent end-user and AD group information are both unrecognized by SaaS WebProtection service, the proxy uses the default web policy.

For organizations that use McAfee SaaS Web Protection service, Client Proxy also provides the optionto always redirect web traffic and network communications to SaaS Web Protection service, regardlessof the end user's location.

Deployment optionsClient Proxy software can be deployed either with McAfee ePO, or using a third-party deploymentsolution.

Deploying with McAfee ePO

We highly recommend using McAfee ePO to deploy McAfee endpoint software, especially in a largeenterprise. It provides a single management platform that enables policy management and productenforcement. In this case, McAfee ePO is installed and configured on the administrator operatingsystem. The end user installing the Client Proxy software on McAfee ePO servers must be a member ofthe local administrator group.

Deploying with a third-party solution

If you are using Client Proxy in a small- to medium-sized company and do not have McAfee ePO, youcan install the product within your corporate network using a third-party deployment solution. In thiscase, you deploy the Client Proxy software, then manually push the initial policy to end-usercomputers.

IntroductionDeployment options 1

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

9

Table 1-1 Example of the high-level process

Deployment with McAfee ePO Deployment with third-partysolutions

1 Install the Client Proxy extension .zip file so it isavailable in McAfee ePO.

2 Check in the Client Proxy packages for MicrosoftWindows and Mac OS X to the McAfee ePO MasterRepository.

3 Download the XML file from the Control Console that theClient Proxy extension imports when creating a policy.

4 Create policies that meet the needs of your network.

5 Deploy Client Proxy software to end-user computerswithin your corporate network.

1 Use McAfee SaaS Web Protection tocreate policies that meet the needs ofyour network.

2 Follow the instructions of thethird-party solution to create anddeploy the installation package.

3 Deploy configured policies to end-usercomputers in your corporate networkwith Control Console.

1 IntroductionDeployment options

10 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Managing McAfee Client Proxywith McAfee ePO

Chapter 2 Completing the setup using McAfee ePOChapter 3 Configuring and using McAfee Client Proxy with McAfee ePOChapter 4 Maintaining McAfee Client Proxy using McAfee ePO

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

11

Managing McAfee Client Proxy with McAfee ePO

12 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

2 Completing the setup using McAfee ePO

To set up McAfee Client Proxy in your corporate network, download and install the Client Proxyinstallation files on the administrator operating system. Deploy the Client Proxy software to end-usercomputers.

Contents Supported McAfee ePO versions Check the system requirements Download and install the product files Install the Client Proxy extension Check in the Client Proxy client package Install Client Proxy software using McAfee ePO

Supported McAfee ePO versionsThis release of Client Proxy is compatible with these McAfee ePO versions.

• McAfee ePO 4.6.8 • McAfee ePO 5.1.3

• McAfee ePO 5.1.0 • McAfee ePO 5.3.0

• McAfee ePO 5.1.1 • McAfee ePO 5.3.1

• McAfee ePO 5.1.2

We don't guarantee that Client Proxy works with other versions of McAfee ePO.

Check the system requirements Verify that your network systems meet the hardware and operating system requirements.

Table 2-1 Hardware requirements

Hardware type Specifications

Servers — Run the McAfee ePOsoftware and Client Proxyextension.

• CPU — Intel Pentium IV 2.8 GHz or higher

• RAM — 1 GB minimum (2 GB recommended)

• Hard disk — 80 GB minimum

End-user computers — Run theClient Proxy software.

• RAM — 1 GB minimum (2 GB recommended)

• Hard disk — 300 MB minimum free disk space (500 MBrecommended)

2

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

13

Table 2-2 Operating system requirements

Computer type Software

Servers — Run the McAfee ePOsoftware and Client Proxyextension.

• Windows Server 2003 Standard (SE) SP1 or later, 32-bit or64-bit

• Windows Server 2003 Enterprise (EE) SP1 or later, 32-bit or64-bit

• Windows Server 2008 Enterprise SP1 or later 32- or 64-bit

• Windows Server 2012, 64-bit

End-user computers — Runthe Client Proxy software.

• Windows XP ProfessionalSP3 or later

• Windows 10

• Windows Vista SP2 or later • OS X 10.8 (Mountain Lion)

• Windows 7 SP1 or later • OS X 10.9 (Mavericks)

• Windows 8 or 8.1 • OS X 10.10 (Yosemite)

Download and install the product filesDownload the Client Proxy product files from the McAfee Content & Cloud Security Portal and installthem on the administrator operating system. Client Proxy also supports McAfee ePO Software Manager.

Task1 Download the product files.

a Log on to the operating system as an administrator.

b Go to the McAfee Content & Cloud Security Portal.

c Enter your user name and password, then click Login.

d Select Software | McAfee Web Gateway | Tools | McAfee Client Proxy.

e Select and save the .zip files for your operating system.

• Client Proxy server software for McAfee ePO: MCPSRVER1000_2.1.2.x_package.zip

• Client Proxy client software for Mac OS X: Mcpdistribution.zip

• Client Proxy client software for Windows: mcp-win 2.1.2 Build x Package #y.zip

2 Install the server software, and check the client package into McAfee ePO.

Install the Client Proxy extensionInstall the Client Proxy extension .zip file so it is available in McAfee ePO.

For details about product features, usage, and best practices, click ? or Help.

Task1 From the McAfee ePO interface, select Menu | Software | Extensions.

2 Click Install Extension.

2 Completing the setup using McAfee ePODownload and install the product files

14 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

3 Click Browse to locate the Client Proxy extension file (MCPSRVER1000_2.1.2.x_package.zip), thenclick Open | OK.

The Install Package window appears.

4 Click OK.

The MCPSRVER1000_2.1.2.x_package installs.

The package installs the Client Proxy manager, Common Catalog, Help Desk, and the related Helpfiles.

Check in the Client Proxy client packageCheck in the Client Proxy package to the McAfee ePO Master Repository.

For details about product features, usage, and best practices, click ? or Help.

Task

1 From the McAfee ePO interface, select Menu | Software | Master Repository.

2 From the Actions menu, select Check In Package.

3 In the Check In Package window, select the package type (ZIP), then click Browse.

4 Select the Client Proxy OS X client (McpDistribution.zip) file you downloaded earlier, click Open thenNext.

5 Review the information, then click Save.

6 If you are deploying both Microsoft Windows and Mac OS X clients, repeat the check-in for theClient Proxy MCP_2_1_0_x.zip file.

McAfee Client Proxy appears in the Packages in Master Repository list.

Install Client Proxy software using McAfee ePOUsing McAfee ePO, install Client Proxy software on the computers of end users in your organization.

For details about product features, usage, and best practices, click ? or Help.

Task

1 From the McAfee ePO interface, select Menu | Systems | System Tree.

2 Select the organizational level to which you want the install action applied.

Selecting My Organization selects all computers managed by McAfee ePO.

3 Click the Assigned Client Tasks tab.

4 From the Actions drop-down list, select New Client Task Assignment.

5 In the Client Task Assignment Builder, configure the following options in the order shown, then click CreateNew Task:

• Product — Select McAfee Agent.

• Task Type — Select Product Deployment.

Completing the setup using McAfee ePOCheck in the Client Proxy client package 2

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

15

6 In the New Task window, configure the following options, then click Save:• Task Name — Specify a name for the task.

• Description — (Optional) Describe the task.

• Target platforms — Select Windows.

• Products and components — From the drop-down list, select the version of McAfee Client Proxy thatyou want to install on the end-user computers, then from the Action drop-down list, select Install.

7 Click Next.

8 From the Schedule type drop-down list, select Run immediately, then click Next.

9 Review the task summary, then click Save.

The task is scheduled for the next time that the McAfee Agent checks for updates. To force theinstallation to run immediately, issue an agent wake-up call.

After installation, Client Proxy runs immediately without restarting the end-user computer.

Client Proxy does not redirect data until a policy is configured.

2 Completing the setup using McAfee ePOInstall Client Proxy software using McAfee ePO

16 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

3 Configuring and using McAfee ClientProxy with McAfee ePO

Use McAfee ePO to manage and configure the options that define the Client Proxy policies enforced onend-user computers.

Contents Policy options Configure a policy Users and permission sets View end-user installation data Suspending policy enforcement Export the policy to an XML file

Policy optionsPolicy options allow you to tune multiple settings when you configure policies.

The following are configurable policy options available in McAfee ePO.

Proxy server listWhen configuring proxy servers for a Client Proxy policy, consider how Client Proxy manages the proxyserver list.

How Client Proxy manages the proxy server list

Client Proxy software maintains an ordered list of proxy servers, with the proxy server having thefastest response time placed at the top of the list. The software updates the list from time to time.

For example, the list is updated when the end user starts the computer, the VPN connection breaks, aproxy server fails to respond, or the Client Proxy policy changes. At these times, the software tests theconnections to all proxy servers and reorders the list based on response times.

If redirection to the proxy server at the top of the list fails, the software tries redirecting to the secondproxy server in the list. At the same time, the software tests the proxy server connections again andupdates the proxy server list.

The following setting specifies whether the Client Proxy software selects the next proxy server fromthe proxy server list that it maintains, which is based on response time, or from the list of proxyservers that you configure.

3

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

17

• connect to the first accessible Proxy Server based on their order in the list below — The software selects the nextproxy server from the list that you configure.

• connect to the Proxy Server that has the fastest response time — The software selects the next proxy server fromthe list that it maintains, which is based on response time.

Client Proxy metadata

When the Client Proxy software redirects HTTP/HTTPS traffic, it adds metadata to the request, asfollows:

• Customer ID

• Identification tokens

• Windows domain name and user name

• Active Directory groups

• Original destination IP address

• Client IP address

• Version number of the Client Proxy software

Proxy server administrators can configure and apply policies based on the values in the metadata.

Client configurationClient Configuration options define how Client Proxy behaves inside and outside the corporate networkfor end users.

• Customer Identifier — Client Proxy includes a customer ID with a required secret key in its policydefinition to ensure that client identities are securely protected. The customer ID also determineswhich policy to apply and when to apply it.

• Traffic Redirection — Client Proxy redirects network traffic to proxy servers, whether inside thecorporate network, connected by VPN, or outside of the corporate network.

• Corporate Network Detection — Determines whether the end-user computer is located inside or outsidethe corporate network.

• Corporate VPN Detection — If the end-user computer is located outside the corporate network,determines whether the computer is connected to the network through the VPN.

• Log File Settings — Enables client logging, which adds a log file to each end-user computer thatidentifies errors and troubleshooting information.

• Active Directory Groups — A group filter that allows you to define the group information provided to thefiltering proxy.

• Access Protection — Prevents the end user from uninstalling, deleting, renaming, or tampering withClient Proxy from their computer.

Access protection is not supported on OS X.

Bypass listEach policy maintains a list of McAfee

®

Common Catalog definitions for Client Proxy to bypass whennetwork traffic is redirected to the proxy server.

The bypass list can include domain names, network addresses, network ports, and processes thatend-user computers connect to directly.

3 Configuring and using McAfee Client Proxy with McAfee ePOPolicy options

18 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

A Common Catalog instance is created for each configured policy. When a bypass list item is modified,the associated Common Catalog instance is also modified.

Block listEach policy maintains a list of processes that are permanently blocked from network communication.

The block list reduces the amount of network traffic redirected to the proxy server, but can also applyunintended Internet access restrictions to end-user computers.

Configure a policyUse McAfee ePO to create and configure policies that are deployed to end-user computers.

For details about product features, usage, and best practices, click ? or Help.

Task1 From the McAfee ePO interface, select Menu | Policy | Policy Catalog.

2 From the Product drop-down list, select McAfee Client Proxy 2.1.2.

The default policy assignment appears.

3 Click the policy name to open a policy for editing.

4 To create a new policy, click New Policy.

The Create a New Policy dialog box appears.

5 Use the drop-down list to select an existing policy as a base. In the Name field, type a name for thepolicy, enter any additional information in Notes, then click OK.

Tasks• Configure the proxy servers on page 19

Configure the proxy servers for Client Proxy to redirect network traffic.

• Configure the client settings on page 20Configure the settings that define how deployed Client Proxy policies behave inside oroutside the corporate network.

• Configure the bypass list on page 21Configure and add the web definitions to the Bypass List that end-user computers directlyconnect to by bypassing the policy.

• Configure the block list on page 21To reduce the amount of network traffic redirected to the proxy server, configure and addprocesses to the Block List that are permanently blocked from communicating with thenetwork.

• Assign the policy using McAfee ePO on page 21Assign policies to specific end-user computers within your corporate network.

Configure the proxy servers Configure the proxy servers for Client Proxy to redirect network traffic.

For details about product features, usage, and best practices, click ? or Help.

Configuring and using McAfee Client Proxy with McAfee ePOConfigure a policy 3

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

19

Task1 On the Policy Catalog page, select a policy.

2 From the Client Proxy Settings menu, select Proxy Servers.

3 In the Proxy Server List, select how Client Proxy connects to the proxy servers using these options:

• connect to the first accessible Proxy Server based on their order in the list below

• connect to the Proxy Server which has the fastest response time

4 Add proxy servers to the Proxy Server List.

At least one proxy server definition is required in order to save the policy.

a In the Proxy Server Address field, type the proxy server IP address or host name.

b In the Proxy Port field, type the port for the proxy server.

c To direct HTTP/HTTPS requests to the Web Gateway appliance or SaaS Web Protection service,select the HTTP/HTTPS checkbox.

d In the Non-HTTP/HTTPS Redirected Ports field, type the non-HTTP/HTTPS redirected ports.

For non-HTTP/HTTPS protocols, make sure that the server supports the protocol.

e Click Add.

The proxy server appears in the Proxy Server List.

5 In the Actions column, click the arrows to change the order of proxy servers in the Proxy Server List.

6 By default, Client Proxy bypasses local address. Deselect the checkbox if you want Client Proxy toredirect all requests.

Do not attempt to save the policy at this point. The Customer Identifier field information on the ClientConfiguration page is required before you can save the policy.

Configure the client settingsConfigure the settings that define how deployed Client Proxy policies behave inside or outside thecorporate network.

For details about product features, usage, and best practices, click ? or Help.

Task1 From the Client Proxy Settings menu, select Client Configuration.

2 In the Customer Identifier section, click Browse, select the ID file, then click Open.

This file is provided by the Web Gateway or SaaS Web Protection administrator.

The Unique Customer ID and Shared Password fields are automatically populated.

3 Configure the remaining options.

Access Protection is not supported on Mac OS X endpoints.

3 Configuring and using McAfee Client Proxy with McAfee ePOConfigure a policy

20 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Configure the bypass listConfigure and add the web definitions to the Bypass List that end-user computers directly connect to bybypassing the policy.

Creating a bypass list in McAfee ePO uses McAfee®

Common Catalog to specify the list. Client Proxyuses only four of the definition types from the catalog: domain name, network address, network port,and process name.

Process names can now be either Microsoft Windows format (test.exe) or Mac OS X format (test).

For details about product features, usage, and best practices, click ? or Help.

Task

1 From the Client Proxy Settings menu, select Bypass List.

2 From the Actions menu, select Add bypass list item, then select a web definition type.

The Choose from existing values dialog box appears.

3 Do one of the following:

• Select at least one existing item.

• Click New Item, enter the required information, then click Save.

4 Click OK.

Configure the block listTo reduce the amount of network traffic redirected to the proxy server, configure and add processes tothe Block List that are permanently blocked from communicating with the network.

For details about product features, usage, and best practices, click ? or Help.

Task

1 From the Client Proxy Settings menu, select Block List.

2 Select an option for how to handle network traffic.

3 In the Process Name field, type the name of a process to block, then click Add.

4 Click Save.

Assign the policy using McAfee ePOAssign policies to specific end-user computers within your corporate network.

For details about product features, usage, and best practices, click ? or Help.

Task

1 Select Menu | Systems | System Tree.

2 From the System Tree menu, select a group or subgroup.

3 Click the Assigned Policies tab.

4 From the Product drop-down list, select McAfee Client Proxy 2.1.2.

5 In the Actions column, click Edit Assignment.

The Policy Assignment for My Organization window appears.

Configuring and using McAfee Client Proxy with McAfee ePOConfigure a policy 3

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

21

6 Next to Inherit from, select Break inheritance and assign the policy and settings below.

7 From the Assigned policy drop-down list, select the policy.

8 Choose whether or not to lock policy inheritance.

9 Click Save.

Assign a Client Task to schedule the policy deployment to the endpoints.

Users and permission setsWe recommend creating specific administrator roles and permissions in McAfee ePO for the ClientProxy catalog administrator.

McAfee ePO defines roles and permissions in terms of Permission Sets. A default permission set installedwith the product, MCP Catalog Admin, gives the Client Proxy administrator view and change permissionsfor policies and certain Common Catalog items and actions. You can also assign an auditor role byadding view permission to one of the existing reviewer permission sets, or by creating a newpermission set. You assign users to permission sets using Active Directory.

View end-user installation dataView the number of end-user computers that have successfully installed Client Proxy within the pastmonth.

For details about product features, usage, and best practices, click ? or Help.

Task1 From the McAfee ePO interface, select Menu | Reporting | Queries & Reports.

2 From the Groups list, expand Shared Groups, then select McAfee Client Proxy.

3 Create a query.

3 Configuring and using McAfee Client Proxy with McAfee ePOUsers and permission sets

22 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Option Definition

Select a querytype.

1 Click the Query tab, then select Actions | New.The Query Builder opens with the Result Types view active.

2 From the Feature Group list, select Policy Management.

3 Choose from these options:

• Applied Client Tasks

• Applied Policies

• Client Task Assignment Broken Inheritance

• Policy Assignment Broken Inheritance

4 Click Next.

Select a querylayout.

1 From the Display Results As list, select a graph or table for the query layout.Select a layout for your query that best displays your data.

2 Select the display options you want from the available lists.

3 To move to the Columns page, click Next.

Select querycolumns.

1 From the Available Columns list, select which columns to apply to your query.

2 In Selected Columns, select, drag, and position each column.

3 To move to the Filter page, click Next.

Configureproperties.

From the Available Properties list, select which properties to use for filtering yourquery, and the appropriate values for each.

Run the query. Click Run.

Save the query. 1 To view the Save Query page, click Save.

2 Type a name for the query, add any notes, and select a group.

3 Click Save.

4 Create a report.

Configuring and using McAfee Client Proxy with McAfee ePOView end-user installation data 3

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

23

Option Definition

Select a query. 1 Click the Report tab, then select Actions | New.The Report Builder opens with the Report Layout view active.

2 From the Toolbox menu, select Query Chart, and drag it to the Report Layout area.The Configure Query Chart dialog box appears.

3 From the Query drop-down list, select MCP: Endpoint Install Success/Failed events in lastmonth.

4 Configure the remaining query options, then click OK.

Customize thereport.

1 In the Name, Description and Group tab, type a name, description, and which groupto use.

2 Use the Header and Footer and Page Setup tabs to specify how you want the query toappear in the report.

3 Use the Runtime Parameters tab to select report‑level filters.

Generate thereport.

Click Run.You can choose to run the report to get the information immediately, save to useit another time, or configure its appearance further by adding additional content.

Suspending policy enforcementA user can request permission to access or transfer sensitive information for a limited time.

Occasionally there is a legitimate business justification for temporarily suspending the security policyto access or transfer sensitive information. Client Proxy uses a mechanism known as "challenge/response" to perform this function. The end user enters a request to an administrator by supplyingcertain ID information, and the administrator creates a code using McAfee

®

Help Desk software. Thecode is valid for a specified time period. The user enters the code in the release code window; thesecurity policy is bypassed for the preset time window, and automatically restarted when the timeelapses.

Removing endpoint software (Microsoft Windows only)

A similar mechanism can be used to uninstall the Client Proxy software. McAfee Client Proxy isprotected from unauthorized removal. We recommend the Client Proxy administrator uninstall thesoftware using McAfee ePO. In cases where McAfee ePO removal is not possible, an uninstall key canbe generated, and the software removed by normal means.

Generate a release codeTo temporarily suspend policy enforcement on end-user computers, users request a bypass releasecode from a Client Proxy administrator. Using Help Desk software, administrators create a release codeand send it to the end user.

Task1 To request a bypass release code on an end-user computer, do one of the following:

• On Mac OS X computers: From the McAfee menulet on the status bar, select McAfee EndpointProtection for Mac Preferences, then select Client Proxy.

• On computers running Windows: Click Start | All Programs | McAfee, then click Bypass McAfee ClientProxy.

3 Configuring and using McAfee Client Proxy with McAfee ePOSuspending policy enforcement

24 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

The McAfee Client Proxy Enter Release Code dialog box opens.

While you are waiting for the administrator to send the release code, leave this dialog box open. Ifyou close it, you must start the procedure over.

2 Copy the number in the Policy Revision field and the code in the Identification field, send these values toyour administrator, and include your user name and email address.

3 When your administrator sends the release code, enter the code in the Release field, then do one ofthe following:

• On Mac OS X computers: Click Release.

• On computers running Windows: Click OK.

Policy enforcement is suspended for the time period specified by the administrator when creating thecode.

Export the policy to an XML fileFor troubleshooting purposes, export the McAfee Client Proxy policy to an XML file.

For details about product features, usage, and best practices, click ? or Help.

Task1 From the McAfee ePO interface, select a policy.

2 Select Actions | Export Policy to File.

The Export Policy to File dialog box appears.

3 Click the McAfee Client Proxy Server File link.

The other link, McAfee Client Proxy Client File, creates an OPG file you can import to other clients.

4 Save the file.

5 Click OK.

Configuring and using McAfee Client Proxy with McAfee ePOExport the policy to an XML file 3

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

25

3 Configuring and using McAfee Client Proxy with McAfee ePOExport the policy to an XML file

26 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

4 Maintaining McAfee Client Proxy usingMcAfee ePO

Perform maintenance tasks to ensure Client Proxy operates as intended.

Contents Upgrade Client Proxy using McAfee ePO Install a hotfix Uninstall Client Proxy

Upgrade Client Proxy using McAfee ePODownload, install, and deploy the latest version of Client Proxy.

For details about product features, usage, and best practices, click ? or Help.

Task1 Download the latest version of the product files.

a Go to the McAfee Content & Cloud Security Portal.

b Enter your user name and password, then click Login.

c Select Software | McAfee Web Gateway | Tools | McAfee Client Proxy.

d Select and save the appropriate .zip file.

Client Proxy also supports McAfee ePO Software Manager.

2 Install the extension.

a From the McAfee ePO interface, select Menu | Software | Extensions.

b Click Install Extension.

c Click Browse to locate the Client Proxy .zip file, click Open, then click OK.

The Install Package window appears.

d Click OK.

e Verify that the extension is installed, and select Menu | Software | Extensions.

3 Check in the package.

a Select Actions | Check in Package.

The Check in Package window appears.

4

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

27

b Select the package type, then click Browse.

c Choose the Client Proxy .zip file you downloaded earlier, then click Open.

McAfee Client Proxy appears in the Packages in Master Repository list.

4 Deploy the upgrade.

a Select Menu | Systems | System Tree.

b From the System Tree list, select the subgroup level to deploy Client Proxy endpoint software.

c Click the Assigned Client Tasks tab.

d From the Actions menu, select New Client Task Assignment.

e Configure the Client Task Assignment Builder options.

f Click Create New Task.

g Configure the Product Deployment options.

h Click Save.

i Click Next.

j From the Schedule type drop-down list, select Run immediately, then click Next.

k Review the task summary, then click Save.

Install a hotfix McAfee occasionally releases Client Proxy a hotfix to address product issues.

If the hotfix includes release notes, use the release notes instructions to install the hotfix.

If the hotfix does not have release notes, use the following task.

Task1 Go to the McAfee Content & Cloud Security Portal.

2 Enter your user name and password, then click Login.

3 Select Software | McAfee Web Gateway | Tools | McAfee Client Proxy.

4 Select and save the hotfix installation file for your operating system.

5 Run the hotfix installation file.

6 Follow the on-screen prompts to complete the installation.

Uninstall Client ProxyTo fully uninstall McAfee Client Proxy, remove the extension and package from McAfee ePO, thenremove the software from the administrator operating system.

Contents Remove the extension from McAfee ePO Remove Client Proxy software using McAfee ePO

4 Maintaining McAfee Client Proxy using McAfee ePOInstall a hotfix

28 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Remove the extension from McAfee ePORemove the McAfee Client Proxy extension from McAfee ePO.

For details about product features, usage, and best practices, click ? or Help.

Task1 Log on to McAfee ePO as an administrator.

2 Select Menu | Software | Extensions.

3 From the Extensions list, select McAfee Client Proxy.

4 Click Remove.

Remove Client Proxy software using McAfee ePOUsing McAfee ePO, remove Client Proxy software from the computers of end users in yourorganization.

For details about product features, usage, and best practices, click ? or Help.

Task1 From the McAfee ePO interface, select Menu | Systems | System Tree.

2 Select the organizational level to which you want the remove action applied.

Selecting My Organization selects all computers managed by McAfee ePO.

3 Click the Assigned Client Tasks tab.

4 From the Actions drop-down list, select New Client Task Assignment.

5 In the Client Task Assignment Builder, configure the following options in the order shown, then click CreateNew Task:• Product — Select McAfee Agent.

• Task Type — Select Product Deployment.

6 In the New Task window, configure the following options, then click Save:• Task Name — Specify a name for the task.

• Description — (Optional) Describe the task.

• Target platforms — Select Windows.

• Products and components — From the drop-down list, select the version of McAfee Client Proxy thatyou want to remove from the end-user computers, then from the Action drop-down list, selectRemove.

Maintaining McAfee Client Proxy using McAfee ePOUninstall Client Proxy 4

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

29

4 Maintaining McAfee Client Proxy using McAfee ePOUninstall Client Proxy

30 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Managing McAfee Client Proxywith McAfee SaaS WebProtection Control Console

Chapter 5 Completing the setup using the Control ConsoleChapter 6 Configuring Client Proxy using the Control ConsoleChapter 7 Maintaining McAfee Client Proxy on your system

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

31

Managing McAfee Client Proxy with McAfee SaaS Web Protection Control Console

32 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

5 Completing the setup using the ControlConsole

To set up McAfee Client Proxy in your corporate network using a system other than McAfee ePO,download and install the Client Proxy installation files from the Control Console.

Contents Check the system requirements Download and install the product files

Check the system requirementsVerify that your network systems meet the hardware and operating system requirements.

Table 5-1 Hardware requirements

Hardware type Specifications

End-user computers — Run the Client Proxysoftware.

Microsoft Windows endpoints:

• CPU — Pentium III 1 GHz or higher

• RAM — 1-GB minimum

• Hard disk — 200-MB minimum free disk space

Mac OS X endpoints:

• RAM — 1-GB minimum

• Hard disk — 200-MB minimum free disk space

Table 5-2 Operating system requirements — 32-bit

Computer type Software

End-user computers — Run the ClientProxy software.

• Windows XPProfessional SP3 orlater

• Windows 8 or 8.1

• Windows Vista SP2 orlater

• Windows 10

• Windows 7 SP1 orlater

5

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

33

Table 5-3 Operating system requirements — 64-bit

Computer type Software

End-user computers — Run theClient Proxy software.

• Windows 7 SP1 or later

• Windows 8 or 8.1

• Windows 10

• OS X 10.8 (Mountain Lion), 10.9 (Mavericks), or 10.10(Yosemite)

Download and install the product filesDownload the Client Proxy product files from the McAfee Content & Cloud Security Portal or ControlConsole, and install them on the administrator operating system.

To download the Client Proxy product files from the Control Console, you must first have a SaaS WebProtection service account.

Task1 Log on to the operating system as an administrator.

2 Download the product files.

Option Steps

McAfee Content& CloudSecurity Portal

1 Go to the McAfee Content & Cloud Security Portal.

2 Enter your user name and password, then click Login.

3 Select QuickLinks | Downloads | McAfee Web Gateway Downloads | Tools | McAfee ClientProxy.

4 Select and save the .zip file for your operating system.

ControlConsole

1 Log on to the Control Console as an administrator.

2 Select Web Protection | Setup | McAfee Client Proxy.

3 Click Download MCP.

4 Select and save the .zip file for your operating system.

3 Install the product files, as follows:

• On Windows-based computers — Run McpInstaller.x64.exe or .x86.exe, then follow theon-screen prompts.

• On Mac OS X computers — Run McpDistribution.dmg, then follow the on-screen prompts.

5 Completing the setup using the Control ConsoleDownload and install the product files

34 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

6 Configuring Client Proxy using theControl Console

Use the Control Console to manage and configure the options that define the Client Proxy policiesenforced on end-user computers.

Contents Policy options Create a policy using the Control Console Deploy to end-user computers using other systems View information about Client Proxy on a Windows-based computer View information about Client Proxy on an OS X computer Suspend policy enforcement

Policy optionsPolicy options allow you to tune multiple settings when you configure policies.

The following are configurable policy options available in the Control Console.

Customer ID and secret key

Client Proxy includes a customer ID and secret key in its policy definition to ensure that clientidentities are securely protected.

Use the ePO Export button to download the customer ID XML file for use with McAfee ePO. If you areusing McAfee ePO, we recommend using McAfee ePO to manage Client Proxy policies instead of theControl Console.

Proxy servers

Client Proxy software maintains an ordered list of proxy servers, with the proxy server having thefastest response time placed at the top of the list. The software updates the list from time to time.

For example, the list is updated when the end user starts the computer, the VPN connection breaks, aproxy server fails to respond, or the Client Proxy policy changes. At these times, the software tests theconnections to all proxy servers and reorders the list based on response times.

If redirection to the proxy server at the top of the list fails, the software tries redirecting to the secondproxy server in the list. At the same time, the software tests the proxy server connections again andupdates the proxy server list.

The following setting specifies whether the Client Proxy software selects the next proxy server fromthe proxy server list that it maintains, which is based on response time, or from the list of proxyservers that you configure.

6

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

35

• connect to the first accessible Proxy Server based on their order in the list below — The software selects the nextproxy server from the list that you configure.

• connect to the Proxy Server that has the fastest response time — The software selects the next proxy server fromthe list that it maintains, which is based on response time.

When the Client Proxy software redirects HTTP/HTTPS traffic, it adds metadata to the request, asfollows:

• Customer ID

• Identification tokens

• Windows domain name and user name

• Active Directory groups

• Original destination IP address

• Client IP address

• Version number of the Client Proxy software

Proxy server administrators can configure and apply policies based on the values in the metadata.

Bypass list

Each policy maintains a list of definitions for Client Proxy to bypass when network traffic is redirectedto the proxy server.

The bypass list can include domain names, network addresses, network ports, and processes thatend-user computers connect to directly.

Block list

Each policy maintains a list of processes that are permanently blocked from network communication.

The block list reduces the amount of network traffic redirected to the proxy server, but can also applyunintended Internet access restrictions to end-user computers.

Redirection settings

Client Proxy communicates with internal proxy servers to verify that the end user is working inside thecorporate network.

Client Proxy also checks a list of corporate servers to detect when an end-user computer is connectedthrough VPN.

When Client Proxy detects that an end user is working inside the corporate network or through VPN,the software stops redirecting web traffic and network communication.

6 Configuring Client Proxy using the Control ConsolePolicy options

36 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Create a policy using the Control ConsolePolicies are created and saved as McAfee SaaS Web Protection policies. Use the Control Console tocreate and configure policies that are deployed to end-user computers.

Before you beginRequest a customer ID and password from the Web Gateway or SaaS Web Protectionadministrator.

To use Client Proxy with SaaS Web Protection, the SaaS Web Protection service must beactivated.

Task

1 From the Control Console interface, select Web Protection | Policies | McAfee Client Proxy Policies.

2 In the Secret Key field, enter your secret key.

A secret key must be entered to enable Client Proxy policies.

3 Click New.

The New McAfee Client Proxy Policy dialog box appears.

4 Click the Details tab.

a In the Name field, type the policy name.

b Type an optional description.

c To prevent uninstallation, interruption, and policy manipulation, select the Enable Access Protectioncheckbox.

d To provide the administrator with ability to generate release code, select the Request Release key formanual uninstall checkbox.

e Define the Client Logging level.

Tasks

• Configure the proxy servers on page 37Configure the proxy servers for McAfee Client Proxy to redirect network traffic.

• Configure the bypass list on page 38Configure and add the web definitions to the bypass list that end-user computers directlyconnect to by bypassing the policy.

• Configure the block list on page 38To reduce the amount of network traffic redirected to the proxy server, configure and addprocesses to the block list that are permanently blocked from communicating with thenetwork.

Configure the proxy serversConfigure the proxy servers for McAfee Client Proxy to redirect network traffic.

Task

1 Click the Proxy Servers tab.

2 Click New.

Configuring Client Proxy using the Control ConsoleCreate a policy using the Control Console 6

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

37

3 Add proxy servers to the policy.

a In the Proxy Server Address field, type the proxy server IP address or host name.

b In the Port field, type the port for the proxy server.

c To direct HTTP/HTTPS requests to the Web Gateway or SaaS Web Protection servers, select Yesfrom the HTTP/HTTPS drop-down list.

d In the Non-HTTP/HTTPS Redirected Ports field, type the non-HTTP/HTTPS redirected ports.

For non-HTTP/HTTPS protocols, make sure the server supports the protocol.

4 Configure the remaining options.

a In the Additional Ports field, type any additional ports to redirect as HTTP/HTTPS traffic.

b To bypass Client Proxy for local addresses in your internal network, select the Bypass the McAfeeClient Proxy for local addresses checkbox.

To remove a proxy server, click Delete.

Configure the bypass listConfigure and add the web definitions to the bypass list that end-user computers directly connect toby bypassing the policy.

Task1 Click the Bypass List tab.

2 Click New.

3 From the Type drop-down list, select a type.

4 In the Value field, type the value.

To remove a definition from the bypass list, click Delete.

Configure the block listTo reduce the amount of network traffic redirected to the proxy server, configure and add processes tothe block list that are permanently blocked from communicating with the network.

Task1 Click the Block List tab.

2 Click New.

3 In the Executable Name field, type a value.

To remove a process from the block list, click Delete.

6 Configuring Client Proxy using the Control ConsoleCreate a policy using the Control Console

38 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Deploy to end-user computers using other systemsWe recommend using McAfee ePO to deploy McAfee endpoint software products.

Various methods of manual deployment are possible in cases where deployment with McAfee ePO iseither unfeasible or not wanted. One such method is described in McAfee KnowledgeBase articleKB59769. After deploying the client software with one of these methods, deploy the policy manually.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Create a policy in Web Gateway or SaaS Web Protection. Save the policy to a file namedmcppolicy.opg.

2 Copy the policy file to the following folder on the Mac OS X endpoint computer: /usr/local/McAfee/Mcp/policy/.

View information about Client Proxy on a Windows-basedcomputer

On an end-user computer running Windows, you can view information about the Client Proxy software,policy, and status.

Task1 On a Windows-based computer, click Start | All Programs | McAfee, then click About McAfee Client Proxy.

The McAfee Client Proxy window opens.

2 In the window, you can view the following information:

• Version Number — Specifies the version and build number of the Client Proxy software installed onthe end-user computer.

• Policy Revision — Specifies the revision number of the policy that Client Proxy is applying.

• Policy Name — Specifies the name of the policy that Client Proxy is applying.

• Policy Timestamp — Specifies the time when the Client Proxy policy was deployed to the end-usercomputer.

• Status — Specifies whether Client Proxy is working in active or passive mode.

• Connection Status — Specifies whether the end-user computer is connected to the corporatenetwork.

• Active Proxy — Specifies the address of the proxy server to which Client Proxy is redirecting traffic.

3 To close the window, click Ok.

View information about Client Proxy on an OS X computerOn an end-user computer running OS X, you can view information about the Client Proxy software,policy, and status.

Task1 On an OS X computer, click the McAfee menulet and select About McAfee Endpoint Protection for Mac.

Configuring Client Proxy using the Control ConsoleDeploy to end-user computers using other systems 6

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

39

In the Client Proxy section, the following information is displayed:

• Client Proxy version and build number • Policy modified date

• Policy name • Proxy server

• Policy revision

2 From the menulet, select the dashboard.

The message: Client Proxy: Redirecting indicates that you are connected to the proxy server.

Suspend policy enforcementTo temporarily cancel policy enforcement on end-user computers, end users request a release codefrom the administrator.

The end user requests a release code for their computer. The administrator uses Help Desk to createand issue the code, which is valid for a specified time period. The procedure is described in theConfiguring and using McAfee Client Proxy with McAfee ePO chapter.

See also Suspending policy enforcement on page 24

6 Configuring Client Proxy using the Control ConsoleSuspend policy enforcement

40 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

7 Maintaining McAfee Client Proxy on yoursystem

View the Client Proxy status and configuration details, or uninstall the software from the administratoroperating system.

Contents Upgrade McAfee Client Proxy on your system Install a hotfix Remove Client Proxy software using Windows uninstall tool

Upgrade McAfee Client Proxy on your systemDownload and install the latest version of Client Proxy.

Upgrading Client Proxy requires manual installation or use of a third-party deployment solution,depending on the number of endpoint computers to be upgraded.

Task1 Copy all existing policy files to a temporary file on your system.

2 Go to the McAfee Content & Cloud Security Portal.

3 Enter your user name and password, then click Login.

4 Select Software | McAfeeWeb Gateway | Tools | McAfee Client Proxy

5 Select and save the image file (Mcpdistribution.dmg) for the latest version of the Client Proxysoftware.

6 Open the image file and run the installation file (Mcpdistribution.pkg), then follow the prompts toinstall the software.

Install a hotfix McAfee occasionally releases Client Proxy a hotfix to address product issues.

If the hotfix includes release notes, use the release notes instructions to install the hotfix.

If the hotfix does not have release notes, use the following task.

7

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

41

Task1 Go to the McAfee Content & Cloud Security Portal.

2 Enter your user name and password, then click Login.

3 Select Software | McAfee Web Gateway | Tools | McAfee Client Proxy.

4 Select and save the hotfix installation file for your operating system.

5 Run the hotfix installation file.

6 Follow the on-screen prompts to complete the installation.

Remove Client Proxy software using Windows uninstall toolYou can use the Windows uninstall tool to remove Client Proxy software from the computers of endusers in your organization.

To perform these steps remotely, the administrator and end user can share the challenge andresponse codes by email, phone, or text messaging.

Task1 The end user performs the following steps on a computer running Windows:

a Select Start | Control Panel | Programs and Features.

b Right-click McAfee Client Proxy, then click Uninstall.

c In the Uninstall McAfee Client Proxy dialog box, copy the uninstall password and share it with youradministrator.

2 The administrator performs the following steps in the Control Console:

a Select Web Protection | Policies | McAfee Client Proxy Policies, then click Uninstall Challenge and Response Tool.

b In the Generate MCP Uninstall Key dialog box, paste the uninstall code in the Enter end user identificationcode field, then click Generate key.

c Copy the release key that is generated and displayed in the Release Code field and share it withthe end user.

3 The end user performs the following step on a computer running Windows: In the Enter the uninstallpassword provided by your administrator field, paste the release key, then click Ok.

The uninstallation process completes.

7 Maintaining McAfee Client Proxy on your systemRemove Client Proxy software using Windows uninstall tool

42 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

Index

Aabout Client Proxy

on a Windows-based computer 39

on an OS X computer 39

about this guide 5access protection 17, 20

active directory groups 17, 20

Cconventions and icons used in this guide 5corporate network detection 17, 20

corporate VPN detection 17, 20

customer ID 17, 20

Ddeployment options 9documentation

audience for this guide 5product-specific, finding 5typographical conventions and icons 5

Eend-user computer requirements 13, 33

ePolicy Orchestrator 8

Hhardware requirements 13, 33

Iinstallation

hotfix 28, 41

product files 14, 34

Llog file settings 17, 20

Mmanaged platform, supported versions 13

McAfee Common Catalog 17, 21

McAfee ePOblock list, configure 21

McAfee ePO (continued)bypass list, configure 21

Client Configuration 17

client settings, configure 20

deploy 9end-user installation data, view 22

extension, install 14

extension, remove 29

install Client Proxy software 15

package, check in 15

policy, configure 19

Proxy Server List, configure 19

remove Client Proxy software 29

upgrade the software 27

McAfee SaaS Control Consoleblock list, configure 38

bypass list, configure 38

proxy servers, configure 37

McAfee SaaS Web Protection service 19

McAfee SaaS Web Protection Service 17, 37

McAfee ServicePortal, accessing 5McAfee Web Gateway 8, 17, 19, 35, 37

McAfee Web Protection Service 8

Ooperating system requirements 13, 33

overview 8

Ppermission sets 22

policyassign 21

export to XML file 25

policy optionsblock list 35

Block List 17

bypass list 35

Bypass List 17

Client Configuration 17

Proxy Server List 17

proxy servers 35

redirection settings 35

processes, block 21, 38

McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

43

Proxy Server List 19

Qqueries 22

Rrelease code 24, 40

reports 22

SSaaS Web Protection 35

server software requirements 13, 33

ServicePortal, finding product documentation 5

setupsystem requirements 13, 33

supported management platform versions 13

Ttechnical support, finding product information 5traffic redirection 17, 20

Uupgrade the software 41

VVPN 8

Index

44 McAfee Client Proxy 2.1.2 Product GuideFor Windows and Mac OS

A00