McAfee FIREWALL 2.10 User's Guide

Product GuideMcAfee Endpoint Protection for Mac2.1.0

Threat category Potential threatBotnet breakdowns Infects your system or network and controls it from remotely to spreadmalware.Network threat Slows d

• Regular mode — When the network packet adheres to a rule’s condition, the associated actiondefined in the rule is executed. If no matching rule is f

Desktop firewall• Regular mode — When the network packet adheres to a rule’s condition, the associated actiondefined in the rule is executed. If no ma

General• Self protection — Allows ePolicy Orchestrator administrators to enable password protection in theclient interface to prevent local users from

1IntroductionProduct features14McAfee Endpoint Protection for Mac 2.1.0 Product Guide

2Installation and deploymentInstall McAfee Endpoint Protection for Mac on a standalone (unmanaged) Mac, or deploy from ePolicyOrchestrator on a manage

Package contentsThe software package contains these files that are necessary for installation.Package DescriptionEPM<version>‑<release‑type&g

4Type the following command, then press return.sudo installer -pkg EPM<version>‑<release‑type>‑<build‑number> .pkg –target /5Type th

• McAfee Security for Mac 1.1 and later to McAfee Endpoint Protection for Mac 2.1When the software is upgraded, only the Anti-malware and Application

Default settingsOnce installed, McAfee Endpoint Protection for Mac starts protecting the Mac immediately based on thedefault configurations defined. R

COPYRIGHTCopyright © 2013 McAfee, Inc. Do not copy without permission.TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee

Desktop FirewallFeature Default settingsDesktop firewall• Regular Mode — Enabled• Trust Local Subnet — SelectedFor default firewall rules, see Desktop

Task DescriptionAnti-malwareprotectionMcAfee Endpoint Protection for Mac comes with the default settings foranti-malware protection. Verify that the d

TaskFor option definitions, click ? in the interface.1Log on to the ePolicy Orchestrator as an administrator.2Click Menu, Software, then click Softwar

Install the extensions manuallyInstall McAfee Endpoint Protection for Mac extensions using ePolicy Orchestrator.You must install these extensions to e

Test the installationWhen you have completed the installation, we recommend that you test it to make sure that thesoftware is installed properly and c

4Click to prevent further changes.5From the Dock, click Finder, Go | Applications | then double-click iTunes to display this message. For more info

7In the Transport Protocol section, select All Protocols.8Open the browser, type the website name, then press return.Make sure no McAfee ePO rule allo

Remove the software from a managed MacRemove McAfee Endpoint Protection for Mac from the managed Mac and remove the extensions fromthe ePolicy Orchest

Remove the software extensionsRemove the McAfee Endpoint Protection for Mac extensions from the ePolicy Orchestrator server.Remove only the extensions

3Using the software on a standalone MacYou can use the McAfee Endpoint Protection for Mac console to view the dashboard, events details, thehistory of

ContentsPreface 7About this guide ... 7Audience ... 7Conventions ...

•Application Protection•Desktop FirewallRecent events summaryYou can view the summary of recent five events in Dashboard.The events summary includes:•

Quarantine malwareThe quarantine feature isolates dangerous or suspicious malware that could harm your Mac otherwise.To view the quarantined items, fr

Perform a system scanPerform an on-demand scan on specific files, folders, and local or network-mounted volumesimmediately.Task1Click the McAfee menul

6In the When to scan section, select a schedule for the scan task, then click Schedule Scan.• Immediately — Starts a scan task immediately. If you sel

3Using the software on a standalone MacConfigure custom scan tasks34McAfee Endpoint Protection for Mac 2.1.0 Product Guide

4Configuring protection preferences on astandalone MacUse McAfee Endpoint Protection for Mac preferences to enable or disable anti-malware, applicatio

• Application Protection — Define rules for applications, to run with full network access, restrictednetwork access, or deny application execution.• D

• Delete — To delete the item that contains spyware.• Notify — To notify you when spyware is detected. No other action is taken.7From the Also scan dr

6From the Also scan drop-down list, select where you want to enable scanning:•Archives & Compressed Files•Apple Mail Messages•Network VolumesWhen

On-demand scan preferences• Always enable the scan for Archives & Compressed Files while performing on-demand scan. This isrecommended because you

Remove or restore the quarantined item ... 31Update the anti-malware and DAT files ... 31Perform a system s

3On the Rules tab, you can:• Select or deselect Allow All Apple Signed Binaries.• Select Allow, Deny, or Prompt from the Unknown/Modified Applications

Modify an existing application protection ruleYou can modify the existing application protection rule's definition that is in force, according to

5From the list, add the path of the applications you want to exclude, then click Open.6Click to prevent further changes.To delete an exclusion, sele

Recommended application protection configuration• Add basic rules to allow or block certain applications based on the checklist prepared earlier. Duri

• FTP inspection — Desktop firewall automatically creates dynamic rules for FTP data connections,by actively monitoring the FTP commands on the contro

To change the desktop firewall protection from Regular mode to Adaptive mode, click | McAfeeEndpoint Protection for Mac Preferences | Desktop Firewa

To change the desktop firewall protection from Adaptive mode to Regular mode, click | McAfeeEndpoint Protection for Mac Preferences | Desktop Firewa

Desktop firewall monitors the PORT, EPRT, PASV, and EPSV commands on the control channel, anddetermines which dynamic rules must be created for subseq

How desktop firewall rules are organizedRules are categorized as ePO Rules, Client Rules, and Adaptive Rules.Rules are displayed in tree view. The ePO

• These rules allow the Mac to:• Obtain an IP address using DHCP.• Perform DNS queries.• Perform DAT updates.• Allow communication with ePolicy Orches

Run a query ...696 Troubleshooting 71Run the repairMSC utility ... 71Index 73ContentsMcAfee E

For thisfield...Configure these options...Rule NameType a name for the rule.Status• Enabled — To enable the firewall rule.• Disabled — To disable the

For thisfield...Configure these options...Network ProtocolIPv4Define the configuration for Local Mac using:•Single•Fully Qualified Domain Name•Subnet•

• Action — Allow • Select UDP, Local, then type the Port Noas 68• Direction — Outgoing • Select UDP, Remote, then type the PortNo as 67Create a rule t

• Allow outgoing for POP3, IMAP, SMTP• Allow outgoing for RDP• Allow outgoing for Idap• Allow bi-directional for AFP/SMB, if you are using file sharin

Configure an update scheduleConfigure the repository list that needs to be accessed to update the anti-malware, the proxyconnection settings, and the

4Select whether to use a proxy.•Do not use a proxy•Configure proxy settings manually5Select Use these settings for all proxy types to specify the same

4Configuring protection preferences on a standalone MacConfigure an update schedule56McAfee Endpoint Protection for Mac 2.1.0 Product Guide

5Managing the software with ePolicyOrchestratorIntegrate and manage McAfee Endpoint Protection for Mac using ePolicy Orchestrator managementsoftware.M

Configure these policies with your preferences, then assign them to groups of the managed Mac. Forgeneric information about policies, see the product

Create a self-protection policySelf-protection allows ePolicy Orchestrator administrators to enable password protection forpreferences in the client i

Contents6McAfee Endpoint Protection for Mac 2.1.0 Product Guide

4On the General tab of the policy page, select these options:• General policies controlling overall functioning of Anti-malware — To enable or disable

In.. Define..On-demand Scanpolicies• Scan contents of Archives and compressed files — To scan archived and compressedfiles.• Scan Apple Mail Messages

TaskFor option definitions, click ? in the interface.1Log on to the ePolicy Orchestrator server as an administrator.2Click Menu | Systems | System Tre

5Define these parameters, then click Next.•Schedule status•Start time•Schedule type•Task runs according to•Effective period•Options6In the Summary pag

10Type the application name with its path, then click OK.For example, to exclude the application Calculator, type /Applications/Calculator.app in theN

4Select the options, then click Save.From... Set these options...Firewall statusEnabled — To enable desktop firewall protection on managed Mac.• Regul

From.. Configure these options..Networkprotocol1Select• Any Protocol — To allow any IP Protocol.• IP Protocol — To select IPv4 Protocol.McAfee Endpoin

3Click New Policy, type a name for the policy, then click OK.4On the Firewall Rules page, click New Group, type a name for the group, select Direction

TaskFor option definitions, click ? in the interface.1Log on to the ePolicy Orchestrator server as an administrator.2From the Policy Catalog, select H

Queries and reportsRun predefined queries to generate reports, or modify them to generate custom reports.Query DisplaysEPM: Anti-malware ComplianceThe

PrefaceThis guide provides the information you need for all phases of product use, from installation toconfiguration to troubleshooting.Contents Ab

5Managing the software with ePolicy OrchestratorQueries and reports70McAfee Endpoint Protection for Mac 2.1.0 Product Guide

6TroubleshootingIdentify and troubleshoot issues when using McAfee Endpoint Protection for Mac.Run the repairMSC utilityUse the repairMSC utility to t

6TroubleshootingRun the repairMSC utility72McAfee Endpoint Protection for Mac 2.1.0 Product Guide

IndexAabout this guide 7adaptive mode 43adaptive rules 45anti-malwarebest practices 38configuring anti-malware 38defining exclusions 38testing the fea

installation (continued)using wizard 16introduction 9Mmalwarequarantine 31removing quarantined items 31restoring quarantined items 31McAfee ServicePor

0-00

Find product documentationMcAfee provides the information you need during each phase of product implementation, frominstallation to daily use and trou

1IntroductionMcAfee® Endpoint Protection for Mac offers scalable security solution that minimizes the risk ofexposing your Mac to vulnerabilities.The