2 Replies Latest reply on Oct 20, 2015 10:00 AM by som shekar

    McAfee MOVE Multiplatform and Agentless Queries

    som shekar

      Hello everyone,

       

      Hope you are doing good!

       

      I have few queries McAfee MOVE Multi platform and Agentless in regards to Deployment , Configuration and Management, I would request you to help me

       

      Question 1: Differences/Advantages/Disadvantages between VSE(Virus Scan Enterprise) and MOVE(AGL and MP)?

       

      Question 2: How DAT file will update on VM Guest systems with MOVE(AGL and MP)?

       

      Question 3: How distributed repositories works with MOVE?

       

      Question 4: Is it mandatory to have Secondary OSS , why am i asking this question is ,each OSS can handle approx 300 systems and if I have 10000-systems approx 70-80 primary OSS are required , so is it required to configure Secondary OSS server's as well

       

      Question 5: Where are the quarantined files are stored ? on the OSS or MOVE AV guest VM or do we need to have any Network share folder to be configured

       

      Question 6: How the Scanning happens with MOVE MP? I understand that the files accessed for read and write operation on guest VM's is sent to OSS and an action is taken by OSS only but not with MOVE AV Client, Is OSS dependant on VSE to take action on Malwares or is there any scan engine with OSS for actioning.

       

      Question 7: If a process is excluded from scanning , the policy is assigned to OSS only or can we apply the policy to a specific system,?

       

      Question 8 : How about Policy management, are all the policies assigned to OSS only or the policies can be assigned for each guest VM's?

       

      Question 9: Can the MOVE AV client package be deployed through SCCM?

       

      Question 10: Do we need to install VSE for Linux on SVA Manager?

       

      I understand that with MOVE MP the disadvantages are as follows ,correct me if I am wrong

      There is no Access Protection and Bufferoveflow protection available, Instead we need to use HIPS

      There is no option to scan Mapped Network Drives, instead we need use VSES

      There is no option to import the VSE policies with MOVE

      Self protection(password) is only available for OSS and not for MOVE AV Client

      Scan Diagnostic Tool provides report based on OSS only

       

      Features available with MOVE AV MP in relevant to VSE, Correct me if I am wrong:

      Self protection : only for OSS and not for MOVE AV Client

      Quarantine : we can create client task to restore files from ePO

      Exclusions : Path, Filetype, Process exclusions are available

      Deployment : Through ePO and Manual installation

      Protection : OAS and ODS(instant and weekly scanning)

      Scan Cache: is available with OAS and ODS

       

      Thanks&Regards,

      Somashekar.

        • 1. Re: McAfee MOVE Multiplatform and Agentless Queries
          rajinp

          Question 1: Differences/Advantages/Disadvantages between VSE(Virus Scan Enterprise) and MOVE(AGL and MP)?

           

          Question 2: How DAT file will update on VM Guest systems with MOVE(AGL and MP)?

          [Engg]: The DAT will get updated only on SVA and not on guest VM's in case of AGL. In MP, it will get updated on OSS server systems.

           

          Question 3: How distributed repositories works with MOVE?

          [Engg]: Can you elaborate this questionand what is the usecase ?

           

          Question 4: Is it mandatory to have Secondary OSS , why am i asking this question is ,each OSS can handle approx 300 systems and if I have 10000-systems approx 70-80 primary OSS are required , so is it required to configure Secondary OSS server's as well

          [Engg]: Implement SVA Manager.

           

          Question 5: Where are the quarantined files are stored ? on the OSS or MOVE AV guest VM or do we need to have any Network share folder to be configured

          In MOVE AGL - It is on network shared driver.

          In MOVE MP - Individual clients systems.

           

          Question 6: How the Scanning happens with MOVE MP? I understand that the files accessed for read and write operation on guest VM's is sent to OSS and an action is taken by OSS only but not with MOVE AV Client, Is OSS dependant on VSE to take action on Malwares or is there any scan engine with OSS for actioning.

          [Engg]: The OSS loads the engine and does the scanning by ourselves. Not dependent on VSE.

           

          Question 7: If a process is excluded from scanning , the policy is assigned to OSS only or can we apply the policy to a specific system,?

          [Engg]: This is a client policy, that means it is applied to all individual client systems.

           

          Question 8 : How about Policy management, are all the policies assigned to OSS only or the policies can be assigned for each guest VM's?

          [Engg]: Yes.

           

          Question 9: Can the MOVE AV client package be deployed through SCCM?

          [Engg]: It depends on env. We recommend doing it via ePO.

           

          Question 10: Do we need to install VSE for Linux on SVA Manager?

          [Engg]: It is already bundled.

           

          I understand that with MOVE MP the disadvantages are as follows ,correct me if I am wrong

          There is no Access Protection and Bufferoveflow protection available, Instead we need to use HIPS

          [Engg]: Yes Correct.

          There is no option to scan Mapped Network Drives, instead we need use VSES

          [Engg]: There is option to scan network drives.

          There is no option to import the VSE policies with MOVE

          [Engg]: There is option. Please refer PG.

          Self protection(password) is only available for OSS and not for MOVE AV Client

          [Engg]: It is a client policy. Refer PG.

          Scan Diagnostic Tool provides report based on OSS only.

          [Engg]: Refer PG.

           

          Features available with MOVE AV MP in relevant to VSE, Correct me if I am wrong:

          Self protection : only for OSS and not for MOVE AV Client

          Quarantine : we can create client task to restore files from ePO

          Exclusions : Path, Filetype, Process exclusions are available

          Deployment : Through ePO and Manual installation

          Protection : OAS and ODS(instant and weekly scanning)

          Scan Cache: is available with OAS and ODS

          • 2. Re: McAfee MOVE Multiplatform and Agentless Queries
            som shekar

            Hello Rajinp,

             

            thank you for your reply