4 Replies Latest reply on Feb 28, 2017 5:21 PM by wjmarche

    SBS2011 - Install

    wwwiii

      I want to install Endpoint Security  10.5 On my SBS2011 server.  I am running exchange 2010 and sharepoint.  Do I need to do any special configuration for exchange server? or does the wizard take care of it?

       

      Thanks,

       

      Bill

        • 1. Re: SBS2011 - Install
          johnmoe

          This article has information about how to configure ENS for various products (including Exchange): https://kc.mcafee.com/corporate/index?page=content&id=KB66909

          • 2. Re: SBS2011 - Install
            wwwiii

            Thank you.  My workstations and my server are managed from the cloud at manage.mcafee.com.  The next question is, after the install, can I do the config right at the server? or do I have to do it from the cloud?

             

            Bill

            • 3. Re: SBS2011 - Install
              johnmoe

              I haven't used the cloud management, but I presume it's much the same as a local ePO.  If so then it'd depend on how your policies are configured; if the cloud policies are set to overwrite the local ones, then you'll have to do it in the cloud. If they're not set to overwrite, then you could do it from either location.

              • 4. Re: SBS2011 - Install
                wjmarche

                ePO-Cloud does not have much difference from an on-promise ePO, so I suggest you to duplicate the policy (by following the best practices of the product):

                 

                Endpoint Security Threat Prevention : Policy Category > On-Access Scan > My Default

                 

                And then, enable on the Process Settings section ---> Configure different settings for High-Risk and Low-Risk processes

                 

                NOTE: all the path you find for the exchange server and sharepoint should be added in both "Standard" and "low-risk" exclusions section. Also, all the processes must be added and classified as low-risk.

                 

                If after setting and applying this policy, you're still having any problem, you may check locally on the server:

                 

                C:\ProgramData\McAfee\Endpoint Security\Logs\AccessProtection.log

                C:\ProgramData\McAfee\Endpoint Security\Logs\OnAccessScan.log

                 

                You will see some lines with the process that is being blocked and the rule, so you can take the process missing and add it as exclusion.

                 

                NOTE: in case the process triggered an access protection rule, you must add that process as an exclusion on the rule shown.

                 

                Regards,

                Wilfredo