7 Replies Latest reply on Dec 8, 2009 9:40 AM by araczek

    Settings for DISA "Best Practices" in ePO

    araczek

      Hi!

       

      I need to get VirusScan configured to satisfy a security scan. Attached you will find what was found. I have tried registry changes but they always seem to revert back to the vulnerable setting. So what I would need is the equivalent settings in ePO or a "Best Practices" document (can't find the sticky) that will explain how to get this set.

       

      Best thing would be a policy I can edit and import into ePO. Any ideas??

       

      FYI

      ePO 4.5 with 3.6 agent (have not gotten to updating agents)

      VirusScan 8.5

        • 1. Re: Settings for DISA "Best Practices" in ePO
          GWIRT

          Moving to VSE community.

          • 2. Re: Settings for DISA "Best Practices" in ePO
            araczek

            Why is my stuff continually moved? This is basically an ePO question and you moved it to VSE?? I need to know how this is done in EPO.

            • 3. Re: Settings for DISA "Best Practices" in ePO
              GWIRT

              Sorry for the inconvenience but the extension and settings for the Point Products in ePO are managed by the Point Product teams. This is why this is a VSE question and not an ePO question.

               

              The goal is to get you the best answer to your question possible.

               

              Hope this makes sense.

              • 4. Re: Settings for DISA "Best Practices" in ePO

                Translating from the registry entry back to the EPO setting isn't logical or too easy. I'll have a look tomorrow and try and convert them for you. Logically I can look at the results and tell you which setting equals what, but again it does make things a little difficult trying to translate them all.

                 

                Plus I don't have access to an EPO server at the moment, which does make things a little harder!

                • 5. Re: Settings for DISA "Best Practices" in ePO

                  Here's my take on where the various registry keys are in the VSE Console (and also will be in the same sort of place in the policy on EPO)

                   

                   

                  The value of Software\McAfee\VSCore\On Access Scanner\McShield\Configuration\Alert_UsersCanRemove does not equal 0.

                   

                  On-Access Scanner / Properties / Messages / Actions available to user / Remove Messages from list (unticked equals 0)

                   

                   

                  The value of Software\McAfee\VSCore\On Access Scanner\McShield\Configuration\Alert_UsersCanDelete does not equal 1.

                   

                  On-Access Scanner / Properties / Messages / Actions available to user / Delete Files (unchecked equals 0)

                   

                   

                  The value of Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ActionOptions\uAction does not equal 2.

                  The value of Software\McAfee\VSCore\Email scanner\Outlook\OnDelivery\ActionOptions\dwPromptButton does not equal 31.

                   

                  Not sure on these, but they are related to the Outlook scanning settings in VSE.

                   

                   

                  The value of Software\McAfee\DesktopProtection\Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}\ uSecAction does not equal 2.

                   

                  Full Scan / Properties / Actions / If the first action fails, then perform this action / (2 is "prompt for action")

                   

                   

                  The value of Software\McAfee\VSCore\On Access Scanner\BehaviourBlocking\VSIDBlockTimeout is not >= 30.

                   

                  On-Access Scanner / Properties / Blocking / Block / Block the connection when a threat is detected in a shared folder. Unblock connections after X minutes (less than 30)

                   

                   

                  The value of Software\McAfee\VSCore\On Access Scanner\BehaviourBlocking\VSIDBlockOnNonVirus does not equal 1.

                   

                  On-Access Scanner / Properties / Blocking / Block / Block the connection when a file with a potentially unwanted program is detected in a shared folder (unticked equals 0)

                   

                   

                  The value of Software\McAfee\VSCore\On access scanner\McShield\Configuration\default\ScanArchives does not equal 1.

                   

                  On-Access Scanner / Properties /  All Processes /  Scan Items / Scan inside archives (eg zip)  (unticked equals 0)

                   

                   

                  The value of Software\McAfee\VSCore\On access scanner\McShield\Configuration\default\ScanMime does not equal 1.

                  On-Access Scanner / Properties /  All Processes /  Scan Items / Decode Mime encoded files (unticked equals 0)

                   

                  The value of Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ActionOptions\uAction does not equal 2.

                   

                  Again related to the Outlook scan

                   

                   

                  The value of Software\McAfee\VSCore\On Access Scanner\BehaviourBlocking\dwMaxLogSizeMB_Ent is not >= 64.


                  Buffer Overflow Protection / Properties / Reports / Limit the size of the log file. (needs to be > 64Mb)

                   

                   

                  The value of Software\McAfee\VSCore\On Access Scanner\McShield\Configuration\dwMaxLogSizeMB is not >= 100.

                   

                  On-Access Scanner / Properties /  Reports / Limit the size of the log file. (needs to be > 100Mb)

                   

                   

                  The value of Software\McAfee\VSCore\On Access Scanner\McShield\Configuration\bLogSettings does not equal 1.

                   

                  On-Access Scanner / Properties /  Reports / What to log in addition to scanning activity / Session Settings (checked equals 1)

                   

                   

                  The value of Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions\dwMaxLogSizeMB is not >= 100.

                  The value of Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions\dwLogEvent does not equal 304.

                  Again related to the Outlook scan.

                   

                   

                  The value of Software\McAfee\DesktopProtection\Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}\ uKilobytes is not >= 20480.

                   

                  Full Scan / Properties / Reports / Limit the size of the log file /  Maximum size of log file (must be > 20 Mb)

                   

                   

                  The value of Software\McAfee\DesktopProtection\Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}\ bLogSettings does not equal 1.

                   

                  Full Scan / Properties / Reports / What to log in addition to scanning activity /  Session settings (checked equals 1)
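
Added example, not part of the thread and not written by any poster: a read-only PowerShell check that parses the scanner's finding lines (in the wording quoted above) and compares each rule with the live registry value, which helps confirm that an ePO policy change has reached the client, since hand-edited registry values were reported to revert. It assumes the paths sit under HKLM (the thread gives them starting at `Software\` only); `$Root`, `ConvertFrom-Finding` and `Test-Finding` are hypothetical names.

```powershell
# Added example: read-only re-check of scanner findings quoted in the thread.
# Assumption: the paths (which start at Software\) are under HKLM; change $Root if not.
$Root = 'HKLM:\'

# Four of the findings from the thread, verbatim.
$Findings = @(
  'The value of Software\McAfee\VSCore\On Access Scanner\McShield\Configuration\Alert_UsersCanRemove does not equal 0.'
  'The value of Software\McAfee\VSCore\On Access Scanner\BehaviourBlocking\VSIDBlockTimeout is not >= 30.'
  'The value of Software\McAfee\VSCore\On access scanner\McShield\Configuration\default\ScanArchives does not equal 1.'
  'The value of Software\McAfee\DesktopProtection\Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}\ uKilobytes is not >= 20480.'
)

function ConvertFrom-Finding {   # hypothetical helper: finding text -> key, value name, rule
    param([string]$Line)
    if ($Line -match '^The value of (?<full>.+?) (?<op>does not equal|is not >=) (?<want>\d+)\.$') {
        $full = $Matches['full']; $op = $Matches['op']; $want = [int]$Matches['want']
        $cut  = $full.LastIndexOf('\')
        [pscustomobject]@{
            Key      = $full.Substring(0, $cut)
            Name     = $full.Substring($cut + 1).Trim()   # some findings have a space after the last "\"
            AtLeast  = ($op -eq 'is not >=')
            Expected = $want
        }
    }
}

function Test-Finding {          # hypothetical helper: compare the live value with the rule
    param($Check)
    $prop   = Get-ItemProperty -LiteralPath ($Root + $Check.Key) -Name $Check.Name -ErrorAction SilentlyContinue
    $actual = if ($prop) { $prop.($Check.Name) } else { $null }
    $ok = $false
    if ($null -ne $actual) {
        $num = $actual -as [long]   # DWORD or numeric string; $null if not numeric
        if ($Check.AtLeast) { $ok = $num -ge $Check.Expected } else { $ok = $num -eq $Check.Expected }
    }
    [pscustomobject]@{
        Value     = $Check.Name
        Rule      = if ($Check.AtLeast) { ">= $($Check.Expected)" } else { "= $($Check.Expected)" }
        Actual    = if ($null -eq $actual) { '(missing)' } else { $actual }
        Compliant = $ok
    }
}

$Findings | ForEach-Object { ConvertFrom-Finding $_ } | ForEach-Object { Test-Finding $_ } |
    Format-Table -AutoSize
```

A missing key or value is reported as `(missing)` and non-compliant rather than raising an error, so the same list can be run on clients where a component such as the Outlook scanner is not installed.
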

                   

                  • 6. Re: Settings for DISA "Best Practices" in ePO
                    araczek

                    Thank you SO MUCH!  I was able to find most of them in EPO. Only ones I could not find were the FULL SCAN ones as I did not see a drop down related to "Full Scan". Don't know why that's missing.

                     

                    But this was a tremendous help. Thanks for the effort.

                     

                     

                    Message was edited by: araczek on 12/8/09 10:24:36 AM GMT-05:00

                     

                     

                    Message was edited by: araczek on 12/8/09 10:25:04 AM GMT-05:00
                    • 7. Re: Settings for DISA "Best Practices" in ePO
                      araczek

                      Okay, found I could set most of FULL SCAN options in Client tasks. Only thing I did not see THERE was under "Actions" there was no "Prompt for action" in the drop down.