3 Replies Latest reply on Mar 5, 2015 6:35 AM by andrep1

    Server Specific Policies, how to arrange?


      OK, having no experience of reference about setting up McAfee, just lookign for some advice on policies. this is an example of what I have done for a speicfic app.


      I have created a container where I will put my SQL servers. I have created a new "On-A Default Process poliy" for SQL using the exceptions list here : https://kc.mcafee.com/corporate/index?page=content&id=KB67211


      See screenshot for my VSE policies applied. Does this look about right - do you need a custom policy for each VSE default policy.?


        • 1. Re: Server Specific Policies, how to arrange?

          Looking good. If you have a automated way to move the systems in the system tree to apply the right policy, then even better.
          System sorting by tag, IP, AD sync or server tasks to move systems around.


          There's basically two ways to implement policies for VSE: 1 stick everything in one policy 2. create a policy for each device type.

          The first one has the potential to open "holes" on all your device but is much easier to manage, the second one is more secure but if you want to add one exception to all you devices then you have to update all your policies.

          • 2. Re: Server Specific Policies, how to arrange?

            Hi, Thanks fro the response. I run an ad synch frequently. In each menu in system tree I have the synch apply to certain OU's -

            How would i work it for machines that are missed. i.e. If someone created a new OU and it wasn't added to the system tree synch settings. Is that what rogue detection would do for me ?



            • 3. Re: Server Specific Policies, how to arrange?

              Try synching the whole domain to the top of your organization, then continue with synching specific ou. Unsorted devices will show up at the top of your tree or in their specific OU if you sort the structure of AD.

              RSD can help you as long as you have a sensor installed on every subnet, easier said than done.

              System that have the McAfee agent, but didn't sync will show up in Lost and found. The key really is to get the agent in an automated manner on all your systems.