Product GuideMcAfee Endpoint Protection for Mac2.1.0
Threat category Potential threatBotnet breakdowns Infects your system or network and controls it from remotely to spreadmalware.Network threat Slows d
• Regular mode — When the network packet adheres to a rule’s condition, the associated actiondefined in the rule is executed. If no matching rule is f
Desktop firewall• Regular mode — When the network packet adheres to a rule’s condition, the associated actiondefined in the rule is executed. If no ma
General• Self protection — Allows ePolicy Orchestrator administrators to enable password protection in theclient interface to prevent local users from
1IntroductionProduct features14McAfee Endpoint Protection for Mac 2.1.0 Product Guide
2Installation and deploymentInstall McAfee Endpoint Protection for Mac on a standalone (unmanaged) Mac, or deploy from ePolicyOrchestrator on a manage
Package contentsThe software package contains these files that are necessary for installation.Package DescriptionEPM<version>‑<release‑type&g
4Type the following command, then press return.sudo installer -pkg EPM<version>‑<release‑type>‑<build‑number> .pkg –target /5Type th
• McAfee Security for Mac 1.1 and later to McAfee Endpoint Protection for Mac 2.1When the software is upgraded, only the Anti-malware and Application
Default settingsOnce installed, McAfee Endpoint Protection for Mac starts protecting the Mac immediately based on thedefault configurations defined. R
COPYRIGHTCopyright © 2013 McAfee, Inc. Do not copy without permission.TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee
Desktop FirewallFeature Default settingsDesktop firewall• Regular Mode — Enabled• Trust Local Subnet — SelectedFor default firewall rules, see Desktop
Task DescriptionAnti-malwareprotectionMcAfee Endpoint Protection for Mac comes with the default settings foranti-malware protection. Verify that the d
TaskFor option definitions, click ? in the interface.1Log on to the ePolicy Orchestrator as an administrator.2Click Menu, Software, then click Softwar
Install the extensions manuallyInstall McAfee Endpoint Protection for Mac extensions using ePolicy Orchestrator.You must install these extensions to e
Test the installationWhen you have completed the installation, we recommend that you test it to make sure that thesoftware is installed properly and c
4Click to prevent further changes.5From the Dock, click Finder, Go | Applications | then double-click iTunes to display this message. For more info
7In the Transport Protocol section, select All Protocols.8Open the browser, type the website name, then press return.Make sure no McAfee ePO rule allo
Remove the software from a managed MacRemove McAfee Endpoint Protection for Mac from the managed Mac and remove the extensions fromthe ePolicy Orchest
Remove the software extensionsRemove the McAfee Endpoint Protection for Mac extensions from the ePolicy Orchestrator server.Remove only the extensions
3Using the software on a standalone MacYou can use the McAfee Endpoint Protection for Mac console to view the dashboard, events details, thehistory of
ContentsPreface 7About this guide ... 7Audience ... 7Conventions ...
•Application Protection•Desktop FirewallRecent events summaryYou can view the summary of recent five events in Dashboard.The events summary includes:•
Quarantine malwareThe quarantine feature isolates dangerous or suspicious malware that could harm your Mac otherwise.To view the quarantined items, fr
Perform a system scanPerform an on-demand scan on specific files, folders, and local or network-mounted volumesimmediately.Task1Click the McAfee menul
6In the When to scan section, select a schedule for the scan task, then click Schedule Scan.• Immediately — Starts a scan task immediately. If you sel
3Using the software on a standalone MacConfigure custom scan tasks34McAfee Endpoint Protection for Mac 2.1.0 Product Guide
4Configuring protection preferences on astandalone MacUse McAfee Endpoint Protection for Mac preferences to enable or disable anti-malware, applicatio
• Application Protection — Define rules for applications, to run with full network access, restrictednetwork access, or deny application execution.• D
• Delete — To delete the item that contains spyware.• Notify — To notify you when spyware is detected. No other action is taken.7From the Also scan dr
6From the Also scan drop-down list, select where you want to enable scanning:•Archives & Compressed Files•Apple Mail Messages•Network VolumesWhen
On-demand scan preferences• Always enable the scan for Archives & Compressed Files while performing on-demand scan. This isrecommended because you
Remove or restore the quarantined item ... 31Update the anti-malware and DAT files ... 31Perform a system s
3On the Rules tab, you can:• Select or deselect Allow All Apple Signed Binaries.• Select Allow, Deny, or Prompt from the Unknown/Modified Applications
Modify an existing application protection ruleYou can modify the existing application protection rule's definition that is in force, according to
5From the list, add the path of the applications you want to exclude, then click Open.6Click to prevent further changes.To delete an exclusion, sele
Recommended application protection configuration• Add basic rules to allow or block certain applications based on the checklist prepared earlier. Duri
• FTP inspection — Desktop firewall automatically creates dynamic rules for FTP data connections,by actively monitoring the FTP commands on the contro
To change the desktop firewall protection from Regular mode to Adaptive mode, click | McAfeeEndpoint Protection for Mac Preferences | Desktop Firewa
To change the desktop firewall protection from Adaptive mode to Regular mode, click | McAfeeEndpoint Protection for Mac Preferences | Desktop Firewa
Desktop firewall monitors the PORT, EPRT, PASV, and EPSV commands on the control channel, anddetermines which dynamic rules must be created for subseq
How desktop firewall rules are organizedRules are categorized as ePO Rules, Client Rules, and Adaptive Rules.Rules are displayed in tree view. The ePO
• These rules allow the Mac to:• Obtain an IP address using DHCP.• Perform DNS queries.• Perform DAT updates.• Allow communication with ePolicy Orches
Run a query ...696 Troubleshooting 71Run the repairMSC utility ... 71Index 73ContentsMcAfee E
For thisfield...Configure these options...Rule NameType a name for the rule.Status• Enabled — To enable the firewall rule.• Disabled — To disable the
For thisfield...Configure these options...Network ProtocolIPv4Define the configuration for Local Mac using:•Single•Fully Qualified Domain Name•Subnet•
• Action — Allow • Select UDP, Local, then type the Port Noas 68• Direction — Outgoing • Select UDP, Remote, then type the PortNo as 67Create a rule t
• Allow outgoing for POP3, IMAP, SMTP• Allow outgoing for RDP• Allow outgoing for Idap• Allow bi-directional for AFP/SMB, if you are using file sharin
Configure an update scheduleConfigure the repository list that needs to be accessed to update the anti-malware, the proxyconnection settings, and the
4Select whether to use a proxy.•Do not use a proxy•Configure proxy settings manually5Select Use these settings for all proxy types to specify the same
4Configuring protection preferences on a standalone MacConfigure an update schedule56McAfee Endpoint Protection for Mac 2.1.0 Product Guide
5Managing the software with ePolicyOrchestratorIntegrate and manage McAfee Endpoint Protection for Mac using ePolicy Orchestrator managementsoftware.M
Configure these policies with your preferences, then assign them to groups of the managed Mac. Forgeneric information about policies, see the product
Create a self-protection policySelf-protection allows ePolicy Orchestrator administrators to enable password protection forpreferences in the client i
Contents6McAfee Endpoint Protection for Mac 2.1.0 Product Guide
4On the General tab of the policy page, select these options:• General policies controlling overall functioning of Anti-malware — To enable or disable
In.. Define..On-demand Scanpolicies• Scan contents of Archives and compressed files — To scan archived and compressedfiles.• Scan Apple Mail Messages
TaskFor option definitions, click ? in the interface.1Log on to the ePolicy Orchestrator server as an administrator.2Click Menu | Systems | System Tre
5Define these parameters, then click Next.•Schedule status•Start time•Schedule type•Task runs according to•Effective period•Options6In the Summary pag
10Type the application name with its path, then click OK.For example, to exclude the application Calculator, type /Applications/Calculator.app in theN
4Select the options, then click Save.From... Set these options...Firewall statusEnabled — To enable desktop firewall protection on managed Mac.• Regul
From.. Configure these options..Networkprotocol1Select• Any Protocol — To allow any IP Protocol.• IP Protocol — To select IPv4 Protocol.McAfee Endpoin
3Click New Policy, type a name for the policy, then click OK.4On the Firewall Rules page, click New Group, type a name for the group, select Direction
TaskFor option definitions, click ? in the interface.1Log on to the ePolicy Orchestrator server as an administrator.2From the Policy Catalog, select H
Queries and reportsRun predefined queries to generate reports, or modify them to generate custom reports.Query DisplaysEPM: Anti-malware ComplianceThe
PrefaceThis guide provides the information you need for all phases of product use, from installation toconfiguration to troubleshooting.Contents Ab
5Managing the software with ePolicy OrchestratorQueries and reports70McAfee Endpoint Protection for Mac 2.1.0 Product Guide
6TroubleshootingIdentify and troubleshoot issues when using McAfee Endpoint Protection for Mac.Run the repairMSC utilityUse the repairMSC utility to t
6TroubleshootingRun the repairMSC utility72McAfee Endpoint Protection for Mac 2.1.0 Product Guide
IndexAabout this guide 7adaptive mode 43adaptive rules 45anti-malwarebest practices 38configuring anti-malware 38defining exclusions 38testing the fea
installation (continued)using wizard 16introduction 9Mmalwarequarantine 31removing quarantined items 31restoring quarantined items 31McAfee ServicePor
0-00
Find product documentationMcAfee provides the information you need during each phase of product implementation, frominstallation to daily use and trou
1IntroductionMcAfee® Endpoint Protection for Mac offers scalable security solution that minimizes the risk ofexposing your Mac to vulnerabilities.The
Comments to this Manuals