We have over 2300 nodes and currently have the Artemis setting in VSE 8.7 via ePO set to disabled. I am toying with the idea of turning that setting to 'very low' and then monitoring for any false positives. Is there anything special that needs to be set in ePO to be alerted about Artemis alerts? I assume that they will be sent with our automatic response alerts when viruses get detected. What Artemis settings are other people using in their environment and has it caused any issues? I have read that for Artemis to work you need to set it to at least "Low". Not too sure if I am ready to set that yet as I don't want to cause any false positives.
I think we use the Low setting in my environment.
Here's the descriptions (they can be hard to find!)
Disabled: Artemis Technology is turned off
Very Low: Equivalent to next day’s DATs. Get tomorrow's protection today. Recommended initial configuration
Low: Protection in addition to DATs.
Medium: Used when the risk of regular exposure to malware is greater than the risk of a false positive.
High: Recommended for deployment to systems or areas which are regularly infected.
Very High: Recommended for use in email and On-Demand Scans on non-operating system volumes.
Thanks for your reply. I have created a custom policy for VSE 8.7i which has the setting set to low. This policy has been applied to several subnets/groups in our building. If all is well, then might consider pushing the low setting to the rest of the 2300 systems.
I also use the "Low" setting on 43,000 nodes. I had once used "Medium" but that turned out to be a little aggressive as some system and network management tools used in various locations around the world were detected falsely.
Thanks for your reply.
It has given me more confidence.
Currently have the "Low" setting deployed to 23 systems in our IT dept as a test.
McAfee has some articles, one of which shows you how to verify Artemis.
This consists of a test zip file, which will display an Artemis virus alert if you have it configured right.
This works fine on any system we have as long as it is set to very low or higher.
I am assuming that this test virus makes the client do a DNS query to the cloud, GTI.
However, they have another document to verify network connectivity. They want you to perform an nslookup on a particular DNS entry.
On my workstation it will work once and then fail. On my boss's computer, it won't work at all even if she points the DNS to off-campus like to the Google DNS at 184.108.40.206.
Has anyone seen this behavior?
Testing connectivity
Perform a manual lookup using nslookup to verify that your computer can see the Global Threat Intelligence server.
Click Start, Run, type cmd, and press ENTER.
Type nslookup 4z9p5tjmcbnblehp4557z1d136.avqs.mcafee.com and press ENTER.
You see a response similar to the following:
Server: Address: 10.10.135.201
Message was edited by: twenden on 9/30/11 10:03:29 AM CDT