Transcript
Product Guide
McAfee Help Desk 2.0 Software
About Help Desk McAfee® Help Desk is an extension installed in McAfee® ePolicy Orchestrator® (McAfee ePO™). Administrators use McAfee Help Desk to issue challenge/response keys for uninstalling protected applications, removing files from quarantine, and temporarily bypassing security policies when there is a legitimate business need. McAfee Help Desk version 2.0 works with: •
McAfee ePolicy Orchestrator 4.5 and later
•
McAfee® Data Loss Prevention Endpoint 9.2 and later
•
McAfee® Client Proxy 1.0.0.203 and later
Functions of McAfee Help Desk software McAfee Help Desk software version 2.0 works with McAfee DLP Endpoint software and McAfee Client Proxy software, and has similar functionality in both situations. All operations are logged to the ePolicy Orchestrator audit log.
Quarantine release Quarantine release is required when McAfee DLP Discover finds file system or email storage files with sensitive content and places them in quarantine. To release the files from quarantine, the user must request a quarantine release code from the administrator.
Policy bypass A user can be given permission to access or transfer sensitive information for a limited time. When this is done, all sensitive information is monitored, rather than blocked, according to existing rules. Both the user and the system administrator receive messages about the bypass status when it is enabled and disabled (the user by a pop‑up message, and the administrator by an event entry in the ePO Event Monitor).
Client uninstall Both the McAfee DLP Endpoint client and McAfee Client Proxy are protected from unauthorized removal. While they are typically uninstalled from ePolicy Orchestrator by the McAfee ePO administrator, there are situations where they need to be uninstalled in the field using the Microsoft Windows Add or Remove Programs function. This can be done when a challenge/response key has been issued.
1
How release keys work McAfee Help Desk software allows administrators to create release keys for situations outside the normal workflow. McAfee content security software uses a challenge/response mechanism to bypass security in special cases. When a situation affects multiple users, a slightly different mechanism is applied.
Individual release keys Examples of situations requiring an individual release key are: •
A user needs to release emails from quarantine to delete sensitive information.
•
McAfee content security software needs to be uninstalled, but ePolicy Orchestrator can't be used because the computer is outside the corporate network.
•
A user has a valid business reason to perform a one‑time operation that is blocked by a security policy.
In such situations, the endpoint user in McAfee Client Proxy opens a pop‑up window that displays an Identification Code ( the challenge) and Policy Revision information. In McAfee DLP Endpoint, the Tasks tab in the DLP Policy console contains this information. This is communicated, typically by phone, text message, or email, to an administrator who enters the information into McAfee Help Desk and generates a Release Code (the response). The administrator communicates the release code back to the user, who enters it in the appropriate text box and continues with the release, bypass, or uninstall task.
Master release keys Examples of situations requiring a master release code are: •
An error in a discovery rule might quarantine non‑sensitive files across the entire network.
•
An error in a plug‑and‑play device rule might disconnect hundreds of computers from the network, requiring removal and re‑installation of the McAfee DLP Endpoint client.
Release keys generated with a master release code are not keyed to the entry of a challenge code generated by a specific McAfee client, and thus can be used by any computer in the network. To prevent misuse they are time limited, and must be applied within 60 minutes of being generated.
Set up McAfee Help Desk software After McAfee Help Desk is installed in ePolicy Orchestrator, you must set the permissions for the administrators. Tasks •
Install the McAfee Help Desk extension on page 2 When McAfee Help Desk is not installed with McAfee Client Proxy or McAfee DLP Endpoint, you can install it independently in ePolicy Orchestrator
•
Add administrator permissions on page 3 After installation, add permissions for McAfee Help Desk administrators.
Install the McAfee Help Desk extension When McAfee Help Desk is not installed with McAfee Client Proxy or McAfee DLP Endpoint, you can install it independently in ePolicy Orchestrator
2
Task For option definitions, click ? in the interface. 1
In ePolicy Orchestrator, select Menu | Software | Extensions, then click Install Extension.
2
Click Browse and select the McAfee Help Desk .zip file (..\HelpDeskTool.zip). Click Open, then OK. The installation dialog box displays the file parameters to verify that you are installing the correct extension.
3
Click OK. The extension is installed.
Add administrator permissions After installation, add permissions for McAfee Help Desk administrators. The default is to grant permissions only to the administrator who installs the extension. If you log on as a different administrator, you do not see any services and thus cannot use the software. Task For option definitions, click ? in the interface. 1
In McAfee ePolicy Orchestrator, select Menu | User Management | Permission Sets.
2
In the left pane, select an administrator who will have McAfee Help Desk permissions. In the right pane, select Help Desk Actions and click Edit. The available actions appear for each installed point product.
3
Select actions and click Save. Granular options are provided to allow large organizations to divide the workload and responsibility as required. The option Generate master response key becomes available when any other option is selected.
Understanding revision numbers Revision numbers are automatically assigned to policies, and are used for troubleshooting and agent bypass key creation. All McAfee Help Desk functions create release codes using revision numbers, referred to as the Policy Revision in the McAfee Client Proxy bypass request pop‑up window, and as Revision ID on the DLP Policy console Tasks tab. For McAfee DLP Endpoint bypass release codes, use of the revision number is optional, but it is the default setting. When McAfee DLP Endpoint or McAfee Client Proxy creates a policy, the policy is assigned the revision number 1. This number is incremented each time the policy is changed. In addition to being used for requesting an agent bypass or uninstall key, the revision number is important for supporting troubleshooting processes, to ensure that policy changes are actually applied to the endpoint computers. Both the McAfee DLP Endpoint policy console in ePolicy Orchestrator and the DLP Policy console on the client computer display the current policy revision number.
3
Create response keys An administrator generates a response key for each challenge key request. Alternately, a master release code can be generated when multiple computers are involved. All response keys require similar entries. The following differences should be noted: •
McAfee Client Proxy bypass and uninstall keys take the password from the selected policy, that is, the generated response key works with only one policy. The policy revision number is required and is verified when you generate the key.
•
For McAfee DLP Endpoint bypass, quarantine release, and uninstall keys, the policy revision number is the preferred option (default in the McAfee Help Desk interface), but you also have the options of taking the password from the policy or entering it manually.
•
Bypass keys have a set duration. You can set a time from 15 minutes to 30 days. Shutting down or restarting the computer does not affect the timer.
•
Master release codes must be activated within 60 minutes. For bypass keys, the duration they are active is set as in regular bypass release keys.
Table 1
Response key form
Field
Notes
End user name
Required field. Must be a valid user name. Validated against Windows AD.
End user email address
Required field. Must match user name. Validated when the key is generated.
End user computer name
Optional field.
Request details (Business reason)
Optional field.
Client bypass password
For McAfee Client Proxy requests, the password consists of the current policy name and revision number. Policy name is selected from a list of valid McAfee Client Proxy policies in the ePolicy Orchestrator Policy Catalog. The revision number is supplied by the user requesting the bypass key. For McAfee DLP Endpoint requests, the default is to create a password from the policy Revision ID supplied by the user. You can also use the password from the current policy, or enter it manually.
Identification code
Required field, supplied by the user. Alternately, select Use master release code.
Bypass duration
Required field in bypass release keys only. The default is15 minutes.
Task For option definitions, click ? in the interface. 1
In ePolicy Orchestrator, select Menu | Systems | Help Desk. McAfee Help Desk service options for the available point products are displayed. If you do not see a particular product, either that point product is not installed or you do not have permission to author response keys for that product.
2
Select a service option and fill in the text fields. Click Generate Key when you have finished. McAfee Help Desk verifies entries when you attempt to generate the key and gives you feedback on any errors.
4
Copyright © 2013 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. 00
5
