McAfee FIREWALL 2.1-GETTING STARTED User's Guide

Browse online or download User's Guide for Hardware firewalls McAfee FIREWALL 2.1-GETTING STARTED. McAfee FIREWALL 2.1-GETTING STARTED Product guide User Manual

Summary of Contents

Page 1 - Product Guide

Product Guide
Revision A
Endpoint Intelligence Agent 2.1.0

Page 2 - TRADEMARK ATTRIBUTIONS

• ePolicy Orchestrator installs and configures the Endpoint Intelligence Agent settings on managed hosts.
• Firewall Enterprise is configured for Endpoi

Page 3 - Contents

When the GTI capability is enabled on the NTBA appliance, McAfee EIA sends a GTI request consisting of the MD5. The NTBA communicates with the GTI serv

Page 4 - Index 37

The confidence levels associated with an executable are specified in numeric values. Each of these values corresponds to the following confidence level

Page 5 - About this guide

2 Setting up Endpoint Intelligence Agent with ePolicy Orchestrator
Install the Endpoint Intelligence Management Extension, check in the Endpoint Intellig

Page 6 - Find product documentation

Product / Supported version
Firewall Enterprise Control Center
Firewall Enterprise
Version 5.3.1 or later.
Version 8.3.1 with the latest P-patch, version 8.3

Page 7

Upload the Endpoint Intelligence Agent package
Upload the Endpoint Intelligence Agent package to the ePolicy Orchestrator server. This package contains

Page 8

3. In the Task Types list, select Product Deployment.
4. Click OK. The Client Task Catalog: New Task - McAfee Agent: Product Deployment window appears.
5. In

Page 9

3 Configure Endpoint Intelligence Agent on Firewall Enterprise
To configure Endpoint Intelligence Agent on Firewall Enterprise, follow the procedures in

Page 10 - Introduction

• Public key lengths must be 4096 bits or lower.
• The host certificate used by McAfee EIA must be signed by the same certificate authority that generat

Page 11

Option / Definition
RetentionInterval: Specifies the number of days ePolicy Orchestrator keeps the Gateway Status reports sent from the McAfee EIA.
'Tim

Page 12

COPYRIGHT
Copyright © 2013 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee

Page 13 - System requirements

Task
For option definitions, click Help in the interface.
1. From the Firewall Enterprise Admin Console, select Maintenance | Certificate/Key Management.
2

Page 14 - Manager ePO extension

d. Enter the information for the CA certificate.
e. Click Add.
f. Click Get CA Cert to get the Distinguished Name details.
6. Configure the firewall certificate.

Page 15

3. Click New Policy. The New Policy window appears.
4. Choose a policy in the Create a policy based on this existing policy list.
5. Enter a name in the Polic

Page 16

Example: You have a subnet configured for route discovery, but you don't want to send metadata for a particular host in that network.
a. Enter the ne

Page 17 - Firewall Enterprise

Option / Definition
Log Level: Specifies the logging level for the Endpoint Intelligence Agent. By default, this is selected as Error. You can select other

Page 18 - Configure certificates

Option / Definition
Thread Count: Used to configure the number of worker threads used by McAfee EIA to compute reputation. Reducing the thread count reduces

Page 19 - Load the certificates

3 Configure Endpoint Intelligence Agent on Firewall Enterprise
Firewall Enterprise setup
26 Endpoint Intelligence Agent 2.1.0 Product Guide

Page 20

4 Configure Endpoint Intelligence Agent on NTBA
To configure Endpoint Intelligence Agent on NTBA appliance, follow the procedures in this section.
Content

Page 21 - Configure policy

4 Configure Endpoint Intelligence Agent on NTBA
NTBA setup
28 Endpoint Intelligence Agent 2.1.0 Product Guide

Page 22 - Configure discovery options

5 Maintenance and troubleshooting
You can use a variety of reports and logs to monitor the status of host agents and troubleshoot communication or operat

Page 23 - Configure advanced settings

Contents
Preface 5
About this guide ... 5
Audience ... 5
Conventions ...

Page 24

View the Gateway Status report
The Gateway Status report lists agent hosts that have problems communicating with the Firewall Enterprise gateway.
Task
Fo

Page 25 - Firewall Enterprise setup

Log Collector tool
You can collect logs using LogCollector.exe in the Endpoint Intelligence Agent install folder. This file is found in C:\Program Files

Page 26

Problem / Solution
Problem: The McAfee EIA Service does not start
Solution: In case the McAfee EIA Service does not start:
• Check if Firecore service is running (start if it

Page 27 - NTBA setup

Problem / Solution
Problem: Issues with the EIM extension
Solution: In case of issues with the EIM extension:
• Provide the policy configuration.
• Provide the browser versio

Page 28

5 Maintenance and troubleshooting
Troubleshooting tips
34 Endpoint Intelligence Agent 2.1.0 Product Guide

Page 29

6 Frequently asked questions
This section answers some of the frequently asked questions about Endpoint Intelligence Agent.
Question 1
When McAfee EIA swi

Page 30 - View related firewall audit

6 Frequently asked questions
36 Endpoint Intelligence Agent 2.1.0 Product Guide

Page 31 - Troubleshooting tips

Index
A
about this guide 5
active hosts, viewing 30
agent status 30
C
certificates
ePolicy Orchestrator deployment 17
SCEP 20
conventions and icons used in thi

Page 33

Log Collector tool ... 31
Troubleshooting tips ... 31
6 Frequently asked questions 35
Index 37

Page 34

Preface
This guide provides the information you need to configure, use, and maintain your McAfee product.
Contents
About this guide
Find product d

Page 35 - Frequently asked questions

Find product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and trou

Page 36

1 Introduction
McAfee® Endpoint Intelligence Agent is an endpoint solution that provides per-connection information to the supported network devices, nam

Page 37

• The executable file name on the disk (full path) and hash of the process that generated the connection
This is an optional field and is sent only when

Page 38

When network traffic is generated, the reputation of the executable file is critical for the network device to configure response actions to prevent ma
