McAfee MOVE Agentless is controlled from the ePO server, which must first be configured. The ePO server continuously communicates with all Scan Virtual Appliances (SVA) across hypervisors. The basic policy configuration and event gathering data will come from the SVAs.
This guide explains how to install and configure the Data Center Connector and how to connect your vCenter. The vCenter connection pulls in information about your environment, namely the virtual machines available in your system. This allows us to build queries and reports around which machines are protected and which ones are not, and to keep that reporting structure in the ePO management server.
This McAfee MOVE Agentless installation and configuration guide covers:
1. The first step is to download the files that we will need in order to configure and install the McAfee MOVE Agentless components into the ePO server. In order to do that, go to McAfee.com and click on “For Enterprise.”
2. Next, click on “Support,” then on “Product Downloads.”
3. Locate the “Download My Products” box on the screen, and then click on the “Go” button, which will take you to the download page.
4. In order to download your product, you will need to login. To do so, enter your Grant Number and the code displayed. Then click “Submit.” This will take you to your product page.
5. On your product page, find and click on “McAfee Reseller Support.”
6. On the McAfee Reseller Support page, scroll down to “Attention:MOVE” and click on “MOVE Antivirus [Agentless] 3.5.”
7. Click on “I agree,” which will take you to a software download and documentation page.
8. On this page, you will need to click on each file and download it locally to your system. It is recommended that you create a “MOVE” folder to store all of your downloads in one convenient place.
1. Go to your product page and click on the “McAfee Reseller Support” link.
2. On this page, search for the word “Linux.” Click on “McAfee VirusScan Enterprise for Linux v2.0.1” This will take you to the download page for this package.
3. Click on the “I Agree” button.
4. Click on the file under “Download” on the left-most column. Download the file locally and place it in your MOVE directory. This file will be installed into the ePO.
1. Go to your product page and click on “McAfee Reseller Support.”
2. Find “Management Solutions” and click on “Data Center Connector v3.5 for vSphere.” There are several data center connectors listed depending on your license, such as Amazon Web Services, Microsoft Azure, Open Stack, and vSphere. The only one we are going to look at in this guide is the one for vSphere.
3. Click on the “I Agree” button.
4. In the “Software Downloads” tab, you will find the two downloads in the left-most column. Download both locally and place them in your MOVE directory.
1. Once you have downloaded the necessary files, unzip them. You will need to get your files down to the level shown below in order to use them with the ePO server and to be able to check them in with the ePO server.
2. Remove the Agentless files from the .zip and place them in a folder under your MOVE directory entitled “Agentless.”
1. Now we will login to the ePO server. This guide is using ePO Server version 5.1.1. To install the extensions, click on “Menu” on the top left.
2. Under “Menu,” find the “Software” section and click on “Extensions.” This will take you to the extensions page where you will be able to install the extensions you downloaded.
3. On the extensions page, click on “Install Extension” on the bottom left of the page.
4. Click on “Browse” and then navigate to your “Agentless” folder that you created under your “MOVE” directory in your downloads folder.
5. In the “Agentless” folder that you created, you will need to install the top three files, as they are extensions. They are called “MOVE-AV_Help_3.5.0”, “MOVE-AV-AL_EXT_3.5.0”, and “MOVE-AV-AL_License_Ext_3.5.0”. To install the files, select the first file, “MOVE-AV_Help_3.5.0”, and click “Open.”
6. Click “Ok.”
7. Click “Ok.”
8. Repeat this process for the other two files in your “Agentless” folder. Before checking in the packages, you will need to install the other extensions that were downloaded. To do so, click on “Install Extension” and then “Browse.”
9. Navigate to the “MOVE” directory and go into the VirusScan for Linux directory. You will need to install the top three files, as they are extensions. These extensions give you the capability to control the VirusScan for Linux that will be on the Scan Virtual Appliances that you will be deploying to the ESX servers for this architecture. To install the files, select the first file, “help_vsel_201”, and click “Open.”
10. Repeat this process for the other two files. To install the extensions for the Data Center Connectors, navigate to the Extensions page of ePO by clicking Menu --> Extensions, click “Install Extension” on the bottom left corner of the page. Then click “Browse” and return to your MOVE directory.
11. The bottom two files will need to be installed. The “vSphere_Ext_126.96.36.199” extension for the Data Center Connector will allow you to connect to the vCenter, apply specific configuration policies to individual servers, and gather reporting information. Click on each one, then “Open” and then “Ok” in the bottom right.
12. Now that all of the extensions needed are checked in, you will need to check in packages. To do that, go to Software --> Master Repository.
13. In Master Repository, the “Check In” button will be either on the top or the bottom left under “Actions.” First, check in the package for VirusScan for Linux by going to that directory and choosing the VirusScan for Linux release that is the ePO package.
14. At this point, you have pulled the product into the ePO software. Another way of doing this would be to go to “Software Manager” in the Menu.
15. In the Software Manager, you can view the products that you are licensed for, such as Data Center Connector for vSphere. If you had not downloaded the product from the grant page, you could have checked it in through this interface.
16. In this instance, MOVE Antivirus Agentless and VirusScan for Linux are checked in, and as updates on these packages become available, you will be able to update those packages through this interface. You can do this by clicking on the available updates, selecting the product, and then selecting how you wish to update the product under the “Actions” column on the far right.
1. Now you will need to register the vCenter with your ePO server. To do this, go to Menu --> Registered Cloud Accounts. This will allow you to add a cloud account.
2. Click on Actions --> Add Cloud Account. In this instance, the only connector checked in at this time is the vSphere Connector.
3. In the “Registered Cloud Accounts” page, enter an Account Name, Server Address, vCenter username and password, and Tag. The account name can be whatever you want, and it is recommended that you name it something that will help you recognize the account within your ePO infrastructure. The server address is the IP address of the vCenter that you are trying to connect to. Enter a username/password which will grant you access to your vCenter. As you pull computers over into your directory organization, the ePO server will also tag the computers. Once you have entered all of this information, click on “Test Connection.”
4. If successful, click on next, and then accept the certificate, click “Finish”, and then “Ok”.
5. The ePO server is now going to create a task that will synchronize with your vCenter according to how you set it up, and it will make sure that the information is synchronized between your ePO directory organization and the vCenter itself. You will see that it is already connected and it has been pulled over. You can verify this information by going to “System Tree”.
6. In the System Tree page, there will be a directory under “My Organization” called “vSphere.” In the “SE Machines” subcategory, you can view all the computers that ePO has synchronized over into the “My Organization” directory tree. This is where you can apply specific policies to these computers with your McAfee MOVE Agentless deployment.
7. Once you've done this synchronization with the cloud account registration, you will be able to view your dashboard by clicking on “Dashboards” on the upper left next to Menu.
8. You can view your Data Center Dashboard by clicking on the drop-down menu on the top left and selecting “Data Center” under “McAfee Dashboards.”
9. The dashboard gives you an overview of the account. In this particular account, it shows how many of these machines are protected (highlighted in red below) and what they are protected with (highlighted below in yellow). You will also be able to view information about your operating system distribution (highlighted in blue). If you have Boot Attestation, you can view which machines are trusted against the whitelists that you have created for both the BIOS and the VMM of your VMware environment (highlighted in green).
1. To configure policies for your McAfee MOVE Agentless deployment, click on “Policy Catalog,” which is found on the top of the screen. On this page, click on the drop-down menu and select “MOVE AV [Agentless] 3.5.0."
2. There are two policy sets called “My Default.” Click on the “My Default” link that is labeled “SVA” under “Category."
3. Create a connector here to your vCenter by entering your Hypervisor/vCenter Server IP address, a username that has administrative rights to your vCenter, and a password, and then click on “Test connection settings”.
4. When you get a “valid configuration” message, go to “Scan Settings” by clicking on the “Scan Settings” link. This is where you can set up how you are going to do on demand scans.
5. On this page, you will be able to view on demand scans. The white area is going to be when you do not want on-demand scans to be running and the green area is going to be when they are allowed.
6. The important value here is the “Maximum Concurrent On Demand Scans per SVA”. You can set that number to whatever you want; by default it is set to two (highlighted below in red). If you want to be able to have different configuration policies or exclusions, you will need to check that box (highlighted below in blue). Once that box is checked, you will be able to change configuration policies according to groups or computers within the vSphere directory. Click “Yes” to enable the VM-based scan configuration.
7. You can then set up your quarantine settings in the “Quarantine settings” tab, so that when something is detected and cannot be cleaned, rather than being deleted, the file will be moved into a quarantined area so that you can restore it if needed.
8. Once you have set up your quarantine settings, go back to the “Authentication” to review your settings and then click “Save” in the bottom right.
9. You now have a connector over to your vCenter. To set up your policy sets regarding the scanning process, click on the “My Default” link that corresponds with “Scan” under the “Category” column.
10. If you want to turn on “On-Demand Scanning,” check the “Enabled” box.
11. Under the “Scan Items” tab you can either turn on or turn off specific components within the scanning process, such as specifying what type of unwanted programs you want to detect.
12. In the “Exclusions” tab, you can specify what types of files you want to be excluded from scans, such as .txt and .log files. McAfee MOVE Agentless does not have the ability within this to exclude processes. On servers, you might want to exclude all text files, which can be accomplished by clicking “Add…” then typing “**\*.txt” and then clicking “Ok”. You could also exclude log files by typing “**\*.log”. There is documentation in regards to the architecture and the format that you need to use for these exclusions.
13. After you have set up your exclusions, click on the “Actions” tab to review what actions will be taken when a threat is found.
14. In the quarantine tab, you can choose to either enable or disable the quarantine, which keeps files that cannot be cleaned in a secure area so that you can access or restore them if need be.
15. McAfee MOVE Agentless is one of the only products offered in today’s market that has the ability to differentiate between individual virtual computers and assign them different policies. If you want to have multiple policies, navigate back to the “Policy Catalog” page, then click on the first “My Default” which falls under the category “Scan.”
16. Click on the “Extensions” tab and then “Duplicate” in the bottom right.
17. For example, you can create a policy set that is going to be specific to SQL servers by naming your duplicate policy “SQL SERVERS.” Click “Ok” to duplicate the policy. Now you have the ability to apply this policy to servers within your system tree.
18. Navigate to the System Tree by clicking on the “System Tree” button on the top left.
19. We can check a SQL server and modify policies by clicking on “Actions” --> “Agent” --> “Modify Policies on a Single System.”
20. Clicking on “Edit Assignment” brings us to the scanning policy. Here you can break inheritance and assign your new policy by selecting “Break inheritance and assign the policy and settings below” and changing the assigned policy from “My Default” to your new policy, which in this case is “SQL SERVERS.”
21. This computer will now get a different policy than all of the other computers in terms of exclusion sets. When you save this new policy, it may take up to an hour to replicate out. If you want the change to be applied immediately, click on “Menu” on the top left and navigate to “Server Settings” under “Configuration.”
22. Select “MOVE AV [Agentless].” Next to “Run policy collector,” click “Run.” This will automatically push the synchronized policies that you have changed to the scanning appliances so that they will know which computers have different scanning policies in regards to exclusions.
23. McAfee MOVE Agentless is now installed and configured.
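The exclusions from step 12 and the per-server “SQL SERVERS” policy from step 17 can be compared for scope before they are saved. The following is an added example, not part of the original guide or of McAfee's tooling: it assumes that `**` spans directories, `*` stays within one path component, and `?` matches a single character (check the product's exclusion documentation for the exact format), and the function names, the `D:\SQLLogs` path, and the file inventory are constructed for illustration.

```python
import re

# Constructed file inventory for illustration (not from a real system).
INVENTORY = [
    r"D:\SQLLogs\ERRORLOG.log",
    r"D:\SQLLogs\archive\2015-01.log",
    r"C:\inetpub\wwwroot\uploads\readme.txt",
    r"C:\Users\Public\Downloads\invoice.log",
    r"C:\Windows\Temp\setup.txt",
    r"C:\Program Files\App\app.exe",
]

def exclusion_to_regex(pattern):
    """Translate a wildcard exclusion into a regex.
    ASSUMED semantics: '**' spans directories, '*' stays inside one path
    component, '?' is one character, matching is case-insensitive."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append(r"[^\\]*")
            i += 1
        elif pattern[i] == "?":
            out.append(r"[^\\]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out), re.IGNORECASE)

def coverage(pattern, paths=INVENTORY):
    """Return the paths that this exclusion would leave unscanned."""
    rx = exclusion_to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]

def extra_unscanned(broad, scoped, paths=INVENTORY):
    """Paths the broad exclusion skips that the scoped one would still scan."""
    scoped_hits = set(coverage(scoped, paths))
    return [p for p in coverage(broad, paths) if p not in scoped_hits]

if __name__ == "__main__":
    for pat in (r"**\*.txt", r"**\*.log", r"D:\SQLLogs\*.log"):
        print(pat, "->", coverage(pat))
    print("extra:", extra_unscanned(r"**\*.log", r"D:\SQLLogs\*.log"))
```

Running it against an export of real file paths from a server shows which upload, temp, or user-writable locations a global `**\*.txt` or `**\*.log` exclusion would leave unscanned, and whether a path-scoped exclusion in a duplicated policy covers only the files it was meant to.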