I need automatic instalation mcafee agent and virusscan when my workstation is inserted into the microsoft domain (I use EPO 4.6 in my network). It's possible? How to procedure?
Well if you have a RSD sensor on that domains subnet, when it detects a machine, you can create an automatic response to filter for the specific machines, then have the response move those machines to a specific node in your system tree. From there, have a client task to deploy MA & VSE to machines in that node.
Menu > Automation > Automatic Responses > New Response
Denis Leal wrote:
I don´t have RSD Detection in my enviroment. You have a link to install RSD?
You should be able to go to Menu > Software > Software Manager, search for it in there and install the extension and add it in your master repository. From there just deploy a sensor on a server in whatever subnet and it will start detecting systems that don't have MA on it; which can be viewed from Menu > Systems > Detected systems once you get the extension installed.
Otherwise you should be able to log into the McAfee portal site with your grant number and download it from there also if you want to go the RSD route.
I install RDS.
I created an OU called transition, where all my computers are added to the Windows domain are automatically entered into this OU.
I need all the machines to the domain EPO is inserted please check whether this station has the agent and virusscan. If you do not have the EPO will install automatically.
What should I do configurations (filter, aggregation and action) so I enable RDS?
So basically you have a RSD sensor deployed now; it is picking up machines via layer 2 traffic that DO NOT have a McAfee Agent installed on it that correspond to the ePO DB you are using.
So for the next steps of the automatic response:
Filter - this is to define what criteria you want the response to move to your system tree. You can create filters for servers/workstations/specific IP ranges/specific OS's; basically filter for whatever you want moved from a RSD detection to your system tree.
Aggregation - I would select "Trigger this response for every event"
Action - Drop down and select "Add to System Tree", then specify the node of the system tree you want them moved to.
Once that is completed and you have saved the response, delete all your detections within RSD, and then the new detections should start being moved to your system if your filtering criteria is correct.. you may need to restart McAfee services, I can't remember exactly.
ALSO - I wouldn't be posting screenshots without scrubbing them first - someone can now see your domain, subnets, IP's, hsotnames, MAC, etc.. just isnt good security practice.