This thread is specifically for the Virus and Spyware Component of the McAfee Total Protection Service !!!
1} The On Access Scanner or the Virus and Spyware Component of ToPS has this nasty habit of shutting itself off quite a few times due to reasons only known to the software or the developer. Now the most disheartening feature is that the service is not configured to take any action on its failure. Yes, you read it right. You would have to manually set it to restart the services immediately or just keep looking at the McAfee console which says you are at risk. Help me Jesus !!!
2} Even a school student would know that if he/she has to fiddle around with the comp and its settings, they just have to disable the AV. McAfee's main scanning component (mcshield.exe) can be stopped by going into the Services tab or even from the Task Manager. McAfee's ToPS can't even protect itself from being terminated. No wonder any malware can easily spread its roots into a system with ToPS by just disabling it.
3} There should be a way to lock down the settings in ToPS as well. Even the Home User's Total protection 2010 will not let you stop mcshield.exe so easily let alone tweaking its settings. I wonder what made the developers just ignore this very important feature.
4} I have told it time and again. With the current influx of new variants and dangerous malware in the wild, the customers should have a greater leverage to decide what kind of heuristic sensitivity is good for them. There is no easy way to set the Artemis sensitivity level either from the console or from the Security centre. McAfee by default sets it to very low. It is as good as not having it at all. In my earlier posts, I did talk about a painful method of changing the Artemis settings using regedit.exe.
5} ToPS does not clean cookies in the Real time Scans, unlike VSE. You run an On demand scan and the only detection you will see is that of cookies. I am not interested in knowing how many cookies were there in my comp. For god's sake, do not keep the cookies in my system until I run an on demand scan. Please take care of it real time and get me a clean report if my system is clean and do not show me 30 detections and scare the living daylights out of me and then laugh out loud at my face by showing how many cookies you deleted !!!
6} You cannot run an On demand Scan by just right clicking on the tray icon. Come on McAfee !!! All your products have that option. Why do I have to open the console just to run a scan? Now that I have the Console open, you do not want to give me the update option. I have to close the console and only then try an update. Why can't you just let the update happen without nagging me to close the already open window ???
7} If I try and submit a sample from the Quarantine viewer, I can't. I wonder why. Someone wants to help me understand ???
I have listed out other features as per my understanding of them. Take out a little friends and let's try and let McAfee know where they are lacking and help McAfee help itself !!!
I am used to managing EPO so I find some of the missing features a bit surprising in TPS Security Center.
I would love to be able to instruct the clients to run an on demand scan as soon as they check in. So far, there are no TASKS you can run. Instead you need to change the scheduled scan options. That's not very helpful if there is an outbreak of a new virus.
I would love to be able to easily adjust which policies apply to each Group without needing to screw around with copying policies. In EPO it's a simple task to move and verify which policies apply to groups.
I would love to be able to add multiple administrator accounts (not group admins but true admins) to the Security Center.
I have had nothing but trouble using the vssetup options. Client installs great, shows everything is good and you can update, etc. Except it never shows in the Security console. Of course if you remove the product it notifies you that the software was removed. That's helpful.
I also dislike that you can't prevent the simple stopping of services for McAfee and it has no autorecovery features.
Those cookie threats are a freaking joke and do nothing but scare people.
I do like that users can Enter in an email address so even with duplicate computer names I can figure out which client that computer belongs to.
I do like the ability to generate individual URLs for clients so their computers go into their group (and it ensures if they pass around that URL to friends/family they end up paying for the licensing).
Message was edited by: Rumple on 2/28/10 2:39:52 PM CST
Message was edited by: Rumple on 2/28/10 2:42:27 PM CST
I liked the few pointers you made about how vssetup.exe is more of a pain than anything else.
Cannot agree more with how the product is so very nasty at leaving its traces behind and still telling you that it's active even after being removed and the poor security centre not being able to keep a track of the same.
However, I would just try and not compare ToPS to a great product like ePO. Simply because for a hosted security suite like ToPS, it is outrageously unfair on our part to expect a performance like the ePO. We can however hope for anything similar and whatever is already there, even if that part is made concrete, it will be a dream software.
Please keep them coming !!!
Sameer, funny enough, I used the feedback section of the product to post my points and the next morning I had an email from the Senior Product Manager for TPS wanting to discuss my feedback in a conference call.
I don't think he will be able to provide any assistance with the virusscan specific options, but may be an inroad to someone who can...
I am going to put together as concise an email as I can for him outlining the points on the TPS Security Center (which overall isn't too bad in itself) and include things on the VirusScan product from the forums.
Let's see if we can get some traction.
That is great news Rumple. I am heartened and delighted to know that at least McAfee is paying heed to whatever activity is happening here.
Please post that concise email here as well just for the record for us to track whether the email was read and acted upon. Great going, mate.
Keep them coming !
Currently we have about 250 clients connected to our EPO server that we manage like a SAAS solution (any networks directly connected to us or that we work on, need to be covered by Mcafee for production).
Outside of current challenges with EPO (it not supporting DNS resolution natively, and EPO server IP changes causing major headaches), EPO works extremely well and provides us with the following capabilities:
· Export system reports on a scheduled basis in XLS format which can be used to generate invoices and status reports for clients
· Systems autogroup themselves (based on Workgroup/domain name) as they receive the agent.
· Easily configure system tasks to specific groups (or all groups) using the System Tree
· Policy management allows me to easily assign policies to the entire organization and/or subgroups and then go back and EDIT the assignment as required.
We are looking at the TPS product as it's less work for us to maintain, it's designed as a SAAS solution (instead of manipulating EPO to work like one) and the licensing for TPS is all inclusive of the Antivirus licenses (and is cheaper).
We've purchased 10 licenses of the TPS Extended to trial how it works and to get some hands on experience with the TPS Security console. I will break my comments into SecurityCenter and the VirusScan component.
The URL wizard for deploying products. This allows us to Generate a specific URL for each client. If the client gives out their URL to friends and family, they are responsible for the costs associated with that. This allows us tighter control over Rogue systems showing up in TPS and not knowing who they are.
The Email address component of the Installation. This allows me more visibility into whose system I am looking at based on the email address, not playing a guessing game based on workgroup, IP address, and other information on the system.
vssetup for our corporate clients as I can have it auto include the user's email address as part of the install.
Reporting is not too bad, although not as extensive as EPO... but that will come with time. This is nothing I am really missing in the on demand reporting.
Web Filtering - I liken this to a mini websense. Great option for me to have a solution for parents who say... how can I keep my 6 year old from seeing "x". Now I can help make that happen. To me, one of the better parts of the product.
Groups and policies
· Groups and policies section needs some work (or I need to learn to work differently). During Group creation, there is no option to associate a policy with a group. After a Policy is created, you cannot EDIT the Group Policy assignments. From this, I gather the groups are really just for readability, but not really for functionally ensuring that every computer in a group gets the same policy.
As an example, let's assume I create a policy called Policy1 and do not associate it with a group. Next, I create a group and call it Group1. At this point, there is no way to apply Policy1 to Group1.
Using the URL installation method, I can assign the computers Policy1 and add them to Group1. Using the vssetup option I can assign the computers to the group using /GROUPID, but I can't assign them Policy1... so they get the default policy. That's going to cause me problems, since I need to be aware of every install and go in and change the policy that computer gets. The only option is to create a copy of the policy every time I add a new group so I can apply a policy to it.
· Approved Programs - What in the hell were you thinking making Cookies show up in the approved programs list of a policy. Holy sweet jesus, can you imagine what's going to happen with 350 clients under my account? Good luck finding the real programs, especially since you cannot even sort the column on blocked or allowed status, so you have to scroll thru them
· Administrator Accounts - I would like to be able to add multiple administrators to log in to the Security Center - One admin/account doesn't really allow myself and other techs to do independent management without sharing his account password.
· Schedule Reports - Having the Scheduled reports sending me an MHT file isn't really useful. Stick with PDF or XLS please. No one uses MHT anymore and in most cases IE will block it from running without screwing with trusted sites (and doesn't help at all on a BlackBerry).
· vssetup method - I cannot apply a policy using this method which is a problem/concern.
· vssetup seems to not show the client in the console consistently.
Out of 5 tries using vssetup in the login script, only a single computer actually showed up in the Security Center. The missing clients show up connected, function, and are able to update, however the Security Center doesn't show the clients, nor is a license used (good for me I guess).
However, if I remove the client(s) using add/remove programs then I get an alert in Security Center saying the client was removed so obviously it's communicating properly to my account.
I did find a KB article on this I believe, but the solution was to use the URL installation method... not very helpful since it essentially means I cannot trust the vssetup clients to show up consistently.
· vssetup in a login script "appears" to actually completely re-run the installation every time the user logs in instead of actually checking to see if the product is installed. My login script sits on the screen for quite a while every login and I see vssetup running in the Task Manager and then I get an alert in the console that the machine was removed. Since there is a /reinstall option for vssetup, I would assume that vssetup is smart enough to check to see if it's already installed and exit. I can do it myself with regfind, but that doesn't seem very SMB friendly to me.
· Artemis sensitivity cannot be adjusted from the console - What good is heuristics scanning if it's turned to very low? It's not helping. While I understand wanting to reduce false positives for SMB, at least allow me to adjust the level in the Policy as needed without hacking the registry on every client.
· Tasks - At the very least, give me an option in the policy that will allow me to tell the client to perform an on demand scan upon next check in. If a zero-day virus breaks out that I need to suddenly have all my clients start scanning to clean, I don't want to change the scheduled policy just to do that. That usually results in someone not getting the policy update later and doing another scan at the same time on a different day(s), generating a support call.
· Approved programs and Internet programs - How am I supposed to approve a program just based on a name? RemAdm-RemoteAdmin could be sitting in the c:\windows\system32 directory (a hack) or it could be the legitimate version I installed into the program files directory. Either way I've just approved both. Again, PLEASE do not show cookies in the programs list, especially if I can't filter them out while looking for legit programs.
I am used to working with the VirusScan Enterprise so most of my comments are around a comparison with this product. Overall, from a positive perspective, the product seems to perform well and not cause any client issues that we've found. Most of my issues are around functionality as compared to Enterprise (which maybe isn't totally fair, but I expect something billed as a Total Protection Suite, to actually have most if not all the Client side features of Enterprise (with maybe less management options)).
Virus and Spyware Component
- The On Access Scanner or the Virus and Spyware Component has absolutely no Auto recovery from a crash and no protection from someone stopping a service.
- McAfee's TPS does not protect itself from being terminated. How can McAfee put SMB into a situation where the antivirus can be terminated and isn't smart enough to restart itself? Protection and recoverability MUST be a core component as SMB depends on the product for protection.
- Artemis sensitivity cannot be adjusted from the console, but also cannot be adjusted from the client. At least give me a way to adjust it somewhere, again, without hacking the registry.
- Scan Results - for the love of god, either just auto clean the cookies in real-time, or do NOT report them when someone does a full scan as a problem. That's a sure fire way to generate a hell of a lot of support calls for nothing. I care about malware and viruses... cookies are way down on my list of issues. Give me a way to adjust the policy for the real-time scanner so I can tell it how to handle cookies.
- Silly issue, but let a user right click the tray icon and perform a scan. Try talking a computer illiterate person on how to open tops, find the action menu and then get a scan going.
- Firewall allowed programs - only scans the EXE name, not actually intelligently looking at the application or file. Winword.exe can be an allowed program... even if it's running out of the system32 directory. A firewall that's billed as Total Protection should actually use IPS for intelligent analysis, not just program file name, nor port access (in isolation). From the Security console I can't tell where the program resides, I can't make the intelligent decision if I should block or allow it.
This should give you enough to review. Some of this information I have investigated myself and some I have reviewed and agreed with based on comments in the community forums. (http://community.mcafee.com/community/business/system/tops) Just for reference, my ID is Rumple on the forums and I will also be posting this email to the forums as well just to help keep everyone in the loop. There are many who are excited about the prospect of having the ear of someone with direct influence on the product we so desperately want to use.
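The approval-by-name problem raised in the email above (Approved programs and Firewall allowed programs), shown as an added example that is not part of the original post and is not McAfee code: a name-only rule is compared with a rule keyed on canonical path plus SHA-256. The file name `remoteadmin.exe`, the install paths and the byte strings are constructed for illustration.

```python
import hashlib
import hmac
import ntpath
from typing import Dict, NamedTuple, Set, Tuple

# Constructed stand-ins for file contents; no real binaries are involved.
LEGIT_IMAGE = b"constructed bytes: admin-installed remote admin tool"
ROGUE_IMAGE = b"constructed bytes: look-alike copy with the same file name"


class Program(NamedTuple):
    path: str     # full Windows path reported by the client
    image: bytes  # file contents (hashed only, never executed)


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def canonical(path: str) -> str:
    """Collapse '..' segments, unify separators and fold case (Windows rules)."""
    return ntpath.normcase(ntpath.normpath(path))


def allowed_by_name(approved_names: Set[str], prog: Program) -> bool:
    """Weak rule described in the post: only the file name is compared."""
    return ntpath.basename(prog.path).lower() in approved_names


def allowed_by_path_and_hash(rules: Dict[str, str], prog: Program) -> bool:
    """Stricter rule: canonical path must be approved and the hash must match."""
    expected = rules.get(canonical(prog.path))
    return expected is not None and hmac.compare_digest(expected, digest(prog.image))


# Hypothetical install locations, constructed for this example.
LEGIT = Program(r"C:\Program Files\RemoteAdmin\remoteadmin.exe", LEGIT_IMAGE)
ROGUE = Program(r"C:\Windows\System32\RemoteAdmin.exe", ROGUE_IMAGE)
TRAVERSAL = Program(
    r"C:\Program Files\RemoteAdmin\..\..\Windows\System32\remoteadmin.exe", ROGUE_IMAGE)
SWAPPED = Program(LEGIT.path, ROGUE_IMAGE)  # approved path, replaced contents

NAME_RULES = {"remoteadmin.exe"}
STRICT_RULES = {canonical(LEGIT.path): digest(LEGIT_IMAGE)}


def evaluate() -> Dict[str, Tuple[bool, bool]]:
    """Return (name-only verdict, path+hash verdict) for each sample."""
    samples = {"legit": LEGIT, "rogue": ROGUE, "traversal": TRAVERSAL, "swapped": SWAPPED}
    return {label: (allowed_by_name(NAME_RULES, p),
                    allowed_by_path_and_hash(STRICT_RULES, p))
            for label, p in samples.items()}


if __name__ == "__main__":
    for label, (by_name, strict) in evaluate().items():
        print(f"{label:10} name-only={by_name!s:5} path+hash={strict}")
```

The name-only rule approves all four samples, while the path-and-hash rule approves only the copy at the approved location with unchanged contents.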
I must say you have done a GREAT job in compiling all the ideas discussed by us in these forums.
A well etched out email with all the necessary information included in it. I am really very happy that this little initiative that we took to help McAfee understand how they can make this innovative product a concrete one with all the right features seems to have taken off at least with the Product Manager himself checking back with you.
Please let us know if you have heard anything back from McAfee yet.
Keeping my fingers crossed
Congratulations Rumple - I couldn't agree more with your comments. In fact, I've posted them here myself, I've logged them with McAfee, I've spoken with them about this.....and???
I maintain my position, they need to have a serious review of what they are providing. They need to listen, and fix what's wrong.
I mean cookies??? That's all this thing tells me.
Best of luck
I wanted to give you an update on this.
Today I had a phone conference with McAfee to discuss my/our points line by line. What I can tell you is that it was a very positive phone discussion about these points with 3 different members of their team.
I've agreed to an NDA on any forward looking enhancements to the product so I cannot share the results of the conversation verbatim, but I can tell you that I did not receive one comment of we cannot do that, or it's not designed to work that way. This is also not a stale product development wise either. The challenges are to systematically and carefully evaluate and implement changes so any unexpected results are avoided.
Couple of things I can talk about that are hot topics for us.
Artemis level - is lower for this SMB product vs the Enterprise products as mentioned before - mainly because of the target market of the product line, but they have agreed that this will be reviewed within Mcafee as they have received lots of feedback on this.
Cookies in virusscan - they do agree the cookies showing up during a scan would cause undue concern with end users, therefore discussions will happen to see how that can be addressed.
Cookies in Security Center programs list - Do agree that the ability to filter out cookies or have cookies in another area would greatly enhance the functionality of the product.
vssetup - agree that exposing the policyid in the Security center and the vssetup is necessary (and in fact my impression is that it may have been exposed in prior versions).
Virusscan scan now option - Agree that an option to right click the icon and select scan now would be appropriate.
As always, the items above will probably be vetted within McAfee and added to a feature list if appropriate. Where they end up on the feature list, and when they will be added to the product is unknown, but McAfee is listening and recommend that if you have feature requests, be sure to leave them as clear, concise and emotionally neutral feedback within the product. While you are probably frustrated when leaving feedback, typically anyone receiving the email will react negatively to negative feedback.
Great work. All the best with the further development on that front.
Our ideas (yours, Argint's and mine) seem to have found the right audience at the moment and I am mighty pleased with the results so far. This is heartening to see that McAfee is interested in hearing what the users have to say about the same.
While you are working with them, I for one will be very happy to test the product whenever they want to put that out for beta testing and we can keep our ideas rolling under this forum.
Today is a good day !