4 Replies Latest reply on Sep 30, 2011 10:05 AM by twenden

    McAfee VirusScan Artemis setting via ePO

    twenden

      We have over 2300 nodes and currently have the Artemis setting in VSE 8.7 via ePO set to disabled. I am toying with the idea of turning that setting to 'very low' and then monitoring for any false positives. Is there anything special that needs to be set in ePO to be alerted about Artemis alerts? I assume that they will be sent with our automatic response alerts when viruses get detected. What Artemis settings are other people using in their environment, and has it caused any issues? I have read that for Artemis to work you need to set it to at least "Low". Not too sure if I am ready to set that yet, as I don't want to cause any false positives.

        • 1. Re: McAfee VirusScan Artemis setting via ePO
          ittech

          I think we use the Low setting in my environment.

           

          Here's the descriptions (they can be hard to find!)

           

          Sensitivity Level Descriptions

          Disabled: Artemis Technology is turned off

          Very Low: Equivalent to next day’s DATs. Get tomorrow's protection today. Recommended initial configuration

          Low: Protection in addition to DATs.

          Medium: Used when the risk of regular exposure to malware is greater than the risk of a false positive.

          High: Recommended for deployment to systems or areas which are regularly infected.

          Very High: Recommended for use in email and On-Demand Scans on non-operating system volumes.

          1 of 1 people found this helpful
          • 2. Re: McAfee VirusScan Artemis setting via ePO
            twenden

            Thanks for your reply. I have created a custom policy for VSE 8.7i which has the setting set to low. This policy has been applied to several subnets/groups in our building. If all is well, then might consider pushing the low setting to the rest of the 2300 systems.

            • 3. Re: McAfee VirusScan Artemis setting via ePO
              HBullock

              I also use the "Low" setting on 43,000 nodes. I had once used "Medium" but that turned out to be a little aggressive as some system and network management tools used in various locations around the world were detected falsely.

              1 of 1 people found this helpful
              • 4. Re: McAfee VirusScan Artemis setting via ePO
                twenden

                Thanks for your reply.

                It has given me more confidence. 

                Currently have the "Low" setting deployed to 23 systems in our IT dept as a test.  

                 

                McAfee has some articles, one of which shows you how to verify Artemis.

                This consists of a test zip file, which will display an Artemis virus alert if you have it configured right.

                This works fine on any system we have as long as it is set to very low or higher. 

                I am assuming that this test virus makes the client do a DNS query to the cloud, GTI.  

                However, they have another document to verify network connectivity. They want you to perform a dnslookup on a particular DNS entry.

                On my workstation it will work once and then fail. On my boss's computer, it won't work at all even if she points the DNS to off-campus, like to the Google DNS at 8.8.8.8.

                Has anyone seen this behavior?

                Testing connectivity

                Perform a manual lookup using nslookup to verify that your computer can see the Global Threat Intelligence server.

                Click Start, Run, type cmd, and press ENTER.

                Type nslookup 4z9p5tjmcbnblehp4557z1d136.avqs.mcafee.com and press ENTER.     

                You see a response similar to the following:     

                Server:     Address: 10.10.135.201    

                Name: 4z9p5tjmcbnblehp4557z1d136.avqs.mblmcafee.com    

                Address: 127.0.4.8

                 

                Message was edited by: twenden on 9/30/11 10:03:29 AM CDT

                 

                Message was edited by: twenden on 9/30/11 10:04:01 AM CDT

                 

                Message was edited by: twenden on 9/30/11 10:04:46 AM CDT

                 

                Message was edited by: twenden on 9/30/11 10:05:26 AM CDT