Product GuideRevision AEndpoint Intelligence Agent 2.1.0
• ePolicy Orchestrator installs and configures the Endpoint Intelligence Agent settings on managedhosts.• Firewall Enterprise is configured for Endpoi
When the GTI capability is enabled on the NTBA appliance, McAfee EIA sends a GTI request consistingof the MD5. The NTBA communicates with the GTI serv
The confidence levels associated with an executable are specified in numeric values. Each of thesevalues corresponds to the following confidence level
2Setting up Endpoint Intelligence Agentwith ePolicy OrchestratorInstall the Endpoint Intelligence Management Extension, check in the Endpoint Intellig
Product Supported versionFirewall EnterpriseControl CenterFirewall EnterpriseVersion 5.3.1 or later.Version 8.3.1 with the latest P-patch, version 8.3
Upload the Endpoint Intelligence Agent packageUpload the Endpoint Intelligence Agent package to the ePolicy Orchestrator server. This packagecontains
3In the Task Types list, select Product Deployment.4Click OK. The Client Task Catalog: New Task - McAfee Agent: Product Deployment window appears.5In
3Configure Endpoint Intelligence Agent onFirewall EnterpriseTo configure Endpoint Intelligence Agent on Firewall Enterprise, follow the procedures in
• Public key lengths must be 4096 bits or lower.• The host certificate used by McAfee EIA must be signed by the same certificate authority thatgenerat
Option DefinitionRetentionIntervalSpecifies the number of days ePolicy Orchestrator keeps the Gateway Status reportssent from the McAfee EIA.'Tim
COPYRIGHTCopyright © 2013 McAfee, Inc. Do not copy without permission.TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee
TaskFor option definitions, click Help in the interface.1From the Firewall Enterprise Admin Console, select Maintenance | Certificate/Key Management.2
dEnter the information for the CA certificate.eClick Add.fClick Get CA Cert to get the Distinguished Name details.6Configure the firewall certificate.
3Click New Policy. The New Policy window appears.4Choose a policy in the Create a policy based on this existing policy list.5Enter a name in the Polic
Example: You have a subnet configured for route discovery, but you don't want to send metadatafor a particular host in that network.aEnter the ne
Option DefinitionLog LevelSpecifies the logging level for the Endpoint Intelligence Agent. By default, this isselected as Error. You can select other
Option DefinitionThread CountUsed to configure the number of worker threads used by McAfee EIA tocompute reputation. Reducing the thread count reduces
3Configure Endpoint Intelligence Agent on Firewall EnterpriseFirewall Enterprise setup26Endpoint Intelligence Agent 2.1.0 Product Guide
4Configure Endpoint Intelligence Agent onNTBATo configure Endpoint Intelligence Agent on NTBA appliance, follow the procedures in this section.Content
4Configure Endpoint Intelligence Agent on NTBANTBA setup28Endpoint Intelligence Agent 2.1.0 Product Guide
5Maintenance and troubleshootingYou can use a variety of reports and logs to monitor the status of host agents and troubleshootcommunication or operat
ContentsPreface 5About this guide ... 5Audience ... 5Conventions ...
View the Gateway Status report The Gateway Status report lists agent hosts that have problems communicating with the FirewallEnterprise gateway.TaskFo
Log Collector toolYou can collect logs using LogCollector.exe in the Endpoint Intelligence Agent install folder. This file isfound in C:\Program Files
Problem SolutionThe McAfee EIA Service doesnot startIn case the McAfee EIA Service does not start:• Check if Firecore service is running (start if it
Problem SolutionIssues with the EIM extension In case of issues with the EIM extension:• Provide the policy configuration.• Provide the browser versio
5Maintenance and troubleshootingTroubleshooting tips34Endpoint Intelligence Agent 2.1.0 Product Guide
6Frequently asked questionsThis section answers some of the frequently asked questions about Endpoint Intelligence Agent.Question 1When McAfee EIA swi
6Frequently asked questions36Endpoint Intelligence Agent 2.1.0 Product Guide
IndexAabout this guide 5active hosts, viewing 30agent status 30CcertificatesePolicy Orchestrator deployment 17SCEP 20conventions and icons used in thi
A00
Log Collector tool ...31Troubleshooting tips ... 316 Frequently asked questions 35Index 37
PrefaceThis guide provides the information you need to configure, use, and maintain your McAfee product.Contents About this guide Find product d
Find product documentationMcAfee provides the information you need during each phase of product implementation, frominstallation to daily use and trou
1IntroductionMcAfee® Endpoint Intelligence Agent is an endpoint solution that provides per-connection informationto the supported network devices, nam
• The executable file name on the disk (full path) and hash of the process that generated theconnectionThis is an optional field and is sent only when
When network traffic is generated, the reputation of the executable file is critical for the networkdevice to configure response actions to prevent ma
Comments to this Manuals