revision 1.0
ProtectionPilot
Installation Guide
revision 1.0
ProtectionPilot
COPYRIGHT
Copyright 2006 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
Attributions
This product includes or may include: Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Cryptographic software written by Eric A. Young and software written by Tim J. Hudson. Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. Software originally written by Robert Nordier, Copyright 1996-7 Robert Nordier. Software written by Douglas W. Sauder. Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. International Components for Unicode (ICU) Copyright 1995-2002 International Business Machines Corporation and others. Software developed by CrystalClear Software, Inc., Copyright 2000 CrystalClear Software, Inc. FEAD Optimizer technology, Copyright Netopsystems AG, Berlin, Germany. Outside In Viewer Technology 1992-2001 Stellent Chicago, Inc. and/or Outside In HTML Export, 2001 Stellent Chicago, Inc. Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, 1998, 1999, 2000. Software copyrighted by Expat maintainers. Software copyrighted by The Regents of the University of California, 1996, 1989, 1998-2000. Software copyrighted by Gunnar Ritter. Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., 2003. Software copyrighted by Gisle Aas. 1995-2003. Software copyrighted by Michael A. Chase, 1999-2000. Software copyrighted by Neil Winton, 1995-1996. Software copyrighted by RSA Data Security, Inc., 1990-1992. Software copyrighted by Sean M. Burke, 1999, 2000. Software copyrighted by Martijn Koster, 1995. Software copyrighted by Brad Appleton, 1996-1999. Software copyrighted by Michael G. Schwern, 2001. Software copyrighted by Graham Barr, 1998. Software copyrighted by Larry Wall and Clark Cooper, 1998-2000. Software copyrighted by Frodo Looijaard, 1997. Software copyrighted by the Python Software Foundation, Copyright 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. Software copyrighted by Beman Dawes, 1994-1999, 2002. Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek 1997-2000 University of Notre Dame. Software copyrighted by Simone Bordet & Marco Cravero, 2002. Software copyrighted by Stephen Purcell, 2001. Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). Software copyrighted by International Business Machines Corporation and others, 1995-2003. Software developed by the University of California, Berkeley and its contributors. Software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http:// www.modssl.org/). Software copyrighted by Kevlin Henney, 2000-2002. Software copyrighted by Peter Dimov and Multi Media Ltd. 2001, 2002. Software copyrighted by David Abrahams, 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, 2000. Software copyrighted by Boost.org, 1999-2002. Software copyrighted by Nicolai M. Josuttis, 1999. Software copyrighted by Jeremy Siek, 1999-2001. Software copyrighted by Daryle Walker, 2001. Software copyrighted by Chuck Allison and Jeremy Siek, 2001, 2002. Software copyrighted by Samuel Krempp, 2001. See http://www.boost.org for updates, documentation, and revision history. Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), 2001, 2002. Software copyrighted by Cadenza New Zealand Ltd., 2000. Software copyrighted by Jens Maurer, 2000, 2001. Software copyrighted by Jaakko Jrvi (jaakko.jarvi@cs.utu.fi), 1999, 2000. Software copyrighted by Ronald Garcia, 2002. Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, 1999-2001. Software copyrighted by Stephen Cleary (shammah@voyager.net), 2000. Software copyrighted by Housemarque Oy <http://www.housemarque.com>, 2001. Software copyrighted by Paul Moore, 1999. Software copyrighted by Dr. John Maddock, 1998-2002. Software copyrighted by Greg Colvin and Beman Dawes, 1998, 1999. Software copyrighted by Peter Dimov, 2001, 2002. Software copyrighted by Jeremy Siek and John R. Bandela, 2001. Software copyrighted by Joerg Walter and Mathias Koch, 2000-2002. Software copyrighted by Carnegie Mellon University 1989, 1991, 1992. Software copyrighted by Cambridge Broadband Ltd., 2001-2003. Software copyrighted by Sparta, Inc., 2003-2004. Software copyrighted by Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, 2004. Software copyrighted by Simon Josefsson, 2003. Software copyrighted by Thomas Jacob, 2003-2004. Software copyrighted by Advanced Software Engineering Limited, 2004. Software copyrighted by Todd C. Miller, 1998. Software copyrighted by The Regents of the University of California, 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek.
PATENT INFORMATION
Protected by US Patents 6,470,384; 6,493,756; 6,496,875; 6,553,377; 6,553,378.
Contents
1 Introducing ProtectionPilot . . . . . . 7
Maximum number of managed computers . Supported products . . . . . . . . . . . . . . . . . . . Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . Database . . . . . . . . . . . . . . . . . . . . . . . . . . . Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 7 7 8 8 9 What to do after installation . . . . . . . . . . . . Automatic DAT and engine updates . . . Manual upgrade of the agent . . . . . . . . . Novell environment . . . . . . . . . . . . . . . . Proxy settings for the server . . . . . . . . . Windows Firewall exceptions on the server . . . . . . . . . . . . . . . . . . . . . 24 24 24 24 24 24
6 Migrating to a Licensed Version of the Software . . . . . . . . . . . . . . . 29 7 Uninstalling the Software . . . . . . 31 A Things to Know Before Installation . . . . . . . . . . . . . . . . . . . 33
Computer organization . . . . . . . . . . . . . . . . Credentials . . . . . . . . . . . . . . . . . . . . . . . . . Database software . . . . . . . . . . . . . . . . . . . Firewall software . . . . . . . . . . . . . . . . . . . . . GroupShield for Exchange . . . . . . . . . . . . . Installing into a Novell environment . . . . . . Putting existing McAfee products under management . . . . . . . . . . . . . . . . . . . . . . . . Replacing Symantec AntiVirus with VirusScan . . . . . . . . . . . . . . . . . . . . . . 33 33 34 35 36 36 36 36
Installation Guide
Contents
vi
ProtectionPilot software
Introducing ProtectionPilot
McAfee ProtectionPilot software is a security management system that simplifies security management tasks for network administrators who manage up to 500 computers. Management consists of deploying (sending and installing) security products, configuring product settings, and keeping those products up-to-date. The software is a system made up of these components: server, console, database, and agent.
1
Consoles
Server
Executing all console requests and handling the exchange of data from the console and agents to the database, the ProtectionPilot server does the majority of the work of the software.
Agents
Server
Database
Supported products
For a list of the McAfee products you can manage using the McAfee ProtectionPilot software, see the ProtectionPilot Release Notes (ReadMe.txt).
Figure 1-1. How the server handles data received from agents and the console
Installation Guide
Introducing ProtectionPilot
Console
The piece you interact with directly to execute tasks and view data is the ProtectionPilot console. Although a console is always installed with the server, you can also install it separately. In this case, it is called a remote console because it is used to access the server remotely (from a different computer). Remote consoles are useful if you need to access the server from another computer or location; for example, if access to the server room is restricted or isnt set up as a work space.
Database
The core component of ProtectionPilot is the database, which stores all data about those computers and products you are managing with the software. Typically, the database is installed on the same computer as the server (local database), but you can also install it on a different computer (remote database). You can even take advantage of an existing database.
Server
Console
Database
Server
Computer
Computer
Computer Computer
Figure 1-2. Relationship between the console, remote consoles, and the server
Database
Computer
Figure 1-4. Remote database
ProtectionPilot software
Agent
Agent
The ProtectionPilot agent is the key to remotely managing products. Installed on each computer, it deploys products, updates detection definition (DAT) files and the scanning engine, and upgrades existing products with service pack and patch releases. It also gathers data about installed security products, the computer, and infection and system activity. In addition, it ensures that requests from the server are executed and re-executed or enforced as needed. For example, if a user removes the security product you have defined for the computer, the agent will reinstall the product automatically.
Managed Computer Agent Managed Products
Server
Figure 1-5. Relationship between the agent, managed computer and products, and the server
Installation Guide
Introducing ProtectionPilot
10
ProtectionPilot software
Installation Guide
11
Insert the CD into the CD-ROM drive of the computer. In the autorun window, select the desired language, then select Install ProtectionPilot. In the McAfee ProtectionPilot Setup wizard, click Next to begin the installation. To learn about the latest product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation, click View Readme.
In the McAfee End User License Agreement dialog box, select the appropriate license type and the country in which you purchased the software. The license type must match the license you purchased. If you are unsure which license you purchased, contact the person who sold you the software.
NOTE
In the Server Installation Options dialog box, type and confirm the password you want to use when starting consoles.
If the license agreement does not display correctly, read the appropriate license in the License Agreement (.pdf) file supplied with the software.
5
Read the entire license agreement carefully, select I accept the terms in the license agreement to agree to the license terms, then click OK.
12
ProtectionPilot software
In the Select Database Server dialog box, specify the desired database:
In the Database Server Account dialog box, specify the user account that the server will use to connect to the database: Specify the authentication method of the database by selecting This is an NT account or This is a SQL Server account. If you dont know the authentication method or password on the system administrator (sa) user account, we recommend selecting Windows NT authentication.
To install the default MSDE 2000 database, select Install a database server on this computer and use it. The system administrator (sa) user account on the database is assigned the server password you specified in Step 7.
NOTE
If you select this option, skip to Step 10 on page 14. To use a local MSDE 2000 or SQL Server database, select Use the existing database server on this computer. Select the desired database instance in Database instance name. To use a remote SQL Server database, select
Use an existing database server on the network. Select the desired database server, or type its name in Database server name.
In a domain environment, type the NetBIOS name of the domain to which the database server belongs, and a user account with domain administrator permissions in that domain. In a workgroup environment, type the workgroup name and a user account with local administrator permissions on the database server computer.
For SQL Server authentication:
Installation Guide
13
Installing the Server and Console 10 In the HTTP Configuration dialog box, specify Security Threats communication Displays the port number (8801) that the server uses for outbound communication to the McAfee Avert Labs website. You cannot change this port number. Server-to-agent communication Specifies the port number (default is 8081) that the server uses for outbound communication to agents. NOTE
the port numbers used for communication to and from the server. When you click Next, the Setup program verifies whether any of these ports are already in use on this computer. If you dont know which port numbers are already being used by other services, we recommend incrementing the number by one until no conflicts are found.
This port must also be available on all managed computers. The Setup program can only verify whether it is in use on this computer.
11 In the Update DAT and Engine dialog box,
specify whether you want to retrieve the latest detection definition (DAT) files and scanning engine from the McAfee website right now. If this computer doesnt have Internet access, deselect this option.
know which port numbers are available, we recommend using the default port numbers by selecting this option.
Agent-to-server communication
Specifies the port number (default is 81) that the server uses for inbound communication with agents.
Console-to-server communication
Figure 2-6. Update DAT and Engine dialog box
Specifies the port number (default is 82) that the server uses for inbound communication with the console and remote consoles.
Agent Broadcast communication Specifies the port number (default is 8082) that the server uses for outbound communication with agents when performing immediate tasks, such as Update and Scan.
to begin the installation. This dialog box includes the estimated time needed to complete the installation. The Executing Setup dialog box appears and provides the status of the installation.
14
ProtectionPilot software
In the Welcome dialog box, click Next to begin. In the Add Group Wizard, click Next to define how to organize the computers you want to manage into groups. A group is a collection of computers that share common characteristics. Groups simplify management by allowing you to perform tasks on all computers in a group at once. Youll need to repeat these steps for each group you want to create.
By domain or workgroup membership: Select Domain name, select the domain or
By IP address: a Select Group name, type a descriptive and unique name in the box, then click Next. b In the Add Group Wizard Specify IP settings, click Add to open the IP Management dialog box. You can define
three times. Examples of logical groupings include geographic location or computer type, such as server versus workstation.
Figure 2-8. Add Group Wizard Specify IP settings
To specify an IP address range, type the beginning and ending IP addresses in the range in IP range, then click OK. Use this format: XXX.XXX.XXX.XXX, where X is 0 255; for example, 161.69.0.0 161.69.255.255. To specify an address mask, type the address mask and number of significant bits in IP subnet mask, then click OK. Use this format: XXX.XXX.XXX.XXX/YY, where X is 0 255 and Y is 0 32.
Figure 2-7. Add Group Wizard Specify group name
For example, the address mask of 161.69.0.0/16 equals the range 161.69.0.0 161.69.255.255. The address mask of 161.69.255.0/18 equals the range 161.69.192.0 161.69.255.255.
c When youre done defining the IP settings, click Next twice.
Installation Guide
15
To add another group, answer Yes when asked Do you want to add more groups now?, then click Finish. For instructions, see Defining how to organize computers on page 15. When youre done adding groups, answer No when asked Do you want to add more groups now?, then click Finish. Groups appear in the console immediately.
Using logical groupings: select In an existing group, then select the desired group from the list. By IP address: select According to group IP settings or domain names.
In the Add Computers Wizard, click Next to select which computers belong in the groups you just created, and to deploy the selected products to them after putting them under management. Youll need to repeat these steps and those in Putting computers under management on page 16 for each group you created. If you are installing into a Novell environment, click Cancel, then skip to Step 8 on page 18.
Figure 2-10. Add Computers Wizard Specify how the selected computers should be placed into groups
Select all of the computers for a single group, then click Next. You can select computers from the list or type their names. Selecting computers by IP address is not supported.
Figure 2-11. Add Computers Wizard Select products to be deploy Figure 2-9. Add Computers Wizard Select computers to be managed
Specify how to organize the selected computers, then click Next. By domain or workgroup membership: select
According to group IP settings or domain names.
To deploy the agent to computers, select Push agent. Not all computers support remote installation of the agent. For more information, see Step 5, below. To hide the agent installation, select Hide agent installation user interface for agent push.
16
ProtectionPilot software
In Domain\User, type the credentials to use when installing the agent on the selected computers:
If the computers are in a workgroup... Then, these permissions are needed... Local administrator (on the ProtectionPilot server) Use this format in Domain\User... .\<USER> Example: .\ADMINISTRATOR
NOTE The local administrator user accounts on the server and on each computer must be the same. 4 5
Figure 2-12. Add Computers Wizard Specify agent deployment options
Type the password of the user account you provided in Password. To save the agent package (FramePkg.exe) for manual installation, select Download agent, then click Browse to select a location. For instructions, see Manually installing the agent under Making Sure Computers are Managed and Protected in the ProtectionPilot Product Guide or Help file.
NOTE
If the computers are in a domain... Then, these permissions are needed... Domain administrator (in that domain) Local administrator (on those computers) Local administrator (on the ProtectionPilot server) Use this format in Domain\User... <DOMAIN>\<USER> Example: MAIN\ADMINISTRATOR <COMPUTER>\<USER> Example: SHULL\ADMINISTRATOR .\<USER> Example: .\ADMINISTRATOR
The agent must be manually installed on any computer that meets the criteria for manual agent installation. For a list, see Criteria for Manual Agent Installation in the ProtectionPilot Release Notes (ReadMe.txt).
6 7
Click Next twice. To add more computers, answer Yes when asked Do you want to add more computers now?, then click Finish. For instructions, see Deploying McAfee products on page 16. When youre done adding computers, answer No when asked Do you want to add more computers now?, then click Finish. Computers appear in the console within at the most three minutes.
If the computers are in a workgroup... Then, these permissions are needed... Local administrator (on those computers) Use this format in Domain\User... <COMPUTER>\<USER> Example: SHULL\ADMINISTRATOR
NOTE We recommend setting up the same local administrator user account on all computers, so you can put all of the computers under management at once.
Installation Guide
17
In the Installation Complete dialog box, specify the desired options listed below, then click Finish to complete the installation. To open the console after completing the installation, select Start McAfee ProtectionPilot console. To learn about the latest product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation, click View Readme. To create a shortcut for starting the console on the desktop, select Create a shortcut on your Desktop.
Click the Start button, then point to Programs | McAfee | McAfee ProtectionPilot Console. On the McAfee ProtectionPilot page, type the server password, then click Submit.
Novell environment
You must manually install the agent to computers in Novell networks before you can deploy McAfee products. For instructions, see Manually installing the agent and Deploying products to new computers and putting them under management under Making Sure Computers are Managed and Protected in the ProtectionPilot Product Guide or Help file. For more information on managing NetShield for NetWare, see Managing NetShield for NetWare in the ProtectionPilot Product Guide or Help file.
18
ProtectionPilot software
Installation Guide
19
20
ProtectionPilot software
You can back up the ProtectionPilot MSDE database using the McAfee Database Backup Utility (Dbbak.exe). You can back up and restore the MSDE database to the same location on the same computer using this utility. You cannot use it to change the location of the database.
1
Stop the McAfee ProtectionPilot Server service and ensure that the SQL Server (MSSQLSERVER) service is running. Depending on the operating system that you are using, this procedure varies. For instructions, see the Microsoft product documentation. Close all ProtectionPilot consoles and remote consoles. Start the Database Backup Utility (Dbbak.exe). The default location is: C:\Program Files\McAfee\ ProtectionPilot\<VERSION>
2 3
4 5
Type the Database Server Name. Select NT Authentication or SQL Account. If you selected SQL Account, type a user Name and Password for this database.
Installation Guide
21
7 8
Click OK when the backup process is done. Start the McAfee ProtectionPilot Server service and ensure that the MSSQLSERVER service is running. Depending on the operating system that you are using, this procedure varies. For instructions, see the Microsoft product documentation.
In the Database Server Account dialog box, specify the user account that the server uses to connect to the database.
NOTE
If you installed the default MSDE 2000 database during the initial installation, the user name (sa), password (same as one used to start consoles), and authentication method are prefilled. Specify the authentication method of the database by selecting This is an NT account or This is a SQL Server account.
Insert the CD into the CD-ROM drive of the computer. In the autorun window, select the desired language, then select Install ProtectionPilot. In the McAfee ProtectionPilot Setup wizard, click Next to begin the installation. To learn about the latest product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation, click View Readme.
In the McAfee End User License Agreement dialog box, select the appropriate license type and the country in which you purchased the software. The license type must match the license you purchased. If you are unsure which license you purchased, contact the person who sold you the software.
NOTE
In a domain environment, type the NetBIOS name of the domain to which the database server belongs, and a user account with domain administrator permissions in that domain. In a workgroup environment, type the workgroup name and a user account with local administrator permissions on the database server computer.
For SQL Server authentication:
If the license agreement does not display correctly, read the appropriate license in the License Agreement (.pdf) file supplied with the software.
5
Read the entire license agreement carefully, select I accept the terms in the license agreement to agree to the license terms, then click OK.
22
ProtectionPilot software
In the HTTP Configuration dialog box, specify the port numbers used for communication to and from the server. When you click Next, the Setup program verifies whether any of these ports are already in use on this computer. If you dont know which port numbers are already being used by other services, we recommend incrementing the number by one until no conflicts are found.
Security Threats communication Displays the port number (8801) that the server uses for outbound communication to the Avert website. You cannot change this port number. Server-to-agent communication Specifies the port number (default is 8081) that the server uses for outbound communication to agents. NOTE
This port must also be available on all managed computers. The Setup program can only verify whether it is in use on this computer. In the Update DAT and Engine dialog box, specify whether you want to retrieve the latest detection definition (DAT) files and scanning engine from the McAfee website right now. If this computer doesnt have Internet access, deselect this option.
Use the default HTTP ports Unless you know which port numbers are available, we recommend using the default port numbers by selecting this option. Agent-to-server communication
Specifies the port number (default is 81) that the server uses for inbound communication with agents.
Console-to-server communication
Figure 3-3. Update DAT and Engine dialog box
Specifies the port number (default is 82) that the server uses for inbound communication with the console and remote consoles.
Agent Broadcast communication Specifies the port number (default is 8082) that the server uses for outbound communication with agents when performing immediate tasks, such as Update and Scan.
In the Ready To Install dialog box, click Install to begin the installation. This dialog box includes the estimated time needed to complete the installation. The Executing Setup dialog box appears and provides the status of the installation.
Installation Guide
23
In the Installation Complete dialog box, specify the desired options listed below, then click Finish to complete the installation. To open the console after completing the installation, select Start McAfee ProtectionPilot console. To learn about the latest product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation, click View Readme. To create a shortcut for starting the console on the desktop, select Create a shortcut on your Desktop.
Novell environment
You must manually install the agent to computers in Novell networks before you can deploy McAfee products. For instructions, see Manually installing the agent and Deploying products to new computers and putting them under management under Making Sure Computers are Managed and Protected in the ProtectionPilot Product Guide or Help file. For more information on managing NetShield for NetWare, see Managing NetShield for NetWare in the ProtectionPilot Product Guide or Help file.
Click the Start button, then point to Programs | McAfee | McAfee ProtectionPilot Console. On the McAfee ProtectionPilot page, type the server password, then click Submit.
24
ProtectionPilot software
If you are using Terminal Services; see the ProtectionPilot Release Notes (ReadMe.txt).
Insert the CD into the CD-ROM drive of the computer. In the autorun window, select the desired language, then select Install ProtectionPilot. In the McAfee ProtectionPilot Setup wizard, click Next to begin the installation. To learn about the latest product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation, click View Readme. In the McAfee End User License Agreement dialog box, select the appropriate license type and the country in which you purchased the software. The license type must match the license you purchased. If you are unsure which license you purchased, contact the person who sold you the software.
NOTE
If the license agreement does not display correctly, read the appropriate license in the License Agreement (.pdf) file supplied with the software.
5
Read the entire license agreement carefully, select I accept the terms in the license agreement to agree to the license terms, then click OK.
Installation Guide
25
In the Ready To Install dialog box, click Install to begin the installation. This dialog box includes the estimated time needed to complete the installation. The Executing Setup dialog box appears and provides the status of the installation.
In the Installation Complete dialog box, specify the desired options listed below, then click Finish to complete the installation. To open the console after completing the installation, select Start McAfee ProtectionPilot console. To learn about the latest product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation, click View Readme. To create a shortcut for starting the console on the desktop, select Create a shortcut on your Desktop.
In the Console Installation Options dialog box, type the name of the server and the console-to-server communication port (default is 82).
Click the Start button, then point to Programs | McAfee | McAfee ProtectionPilot Console. On the McAfee ProtectionPilot page, type the server password, then click Submit.
26
ProtectionPilot software
In the McAfee End User License Agreement dialog box, select the appropriate license type and the country in which you purchased the software. The license type must match the license you purchased. If you are unsure which license you purchased, contact the person who sold you the software.
NOTE
If the license agreement does not display correctly, read the appropriate license in the License Agreement (.pdf) file supplied with the software.
5
Read the entire license agreement carefully, select I accept the terms in the license agreement to agree to the license terms, then click OK. In the Ready To Install dialog box, click Install to begin the installation. This dialog box includes the estimated time needed to complete the installation. The Executing Setup dialog box appears and provides the status of the installation.
In the Installation Complete dialog box, specify the desired options listed below, then click Finish to complete the installation. To open the console after completing the installation, select Start McAfee ProtectionPilot console. To learn about the latest product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation, click View Readme. To create a shortcut for starting the console on the desktop, select Create a shortcut on your Desktop.
Insert the CD into the CD-ROM drive of the computer. In the autorun window, select the desired language, then select Install ProtectionPilot. In the McAfee ProtectionPilot Setup wizard, click Next to begin the installation. To learn about the latest product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation, click View Readme.
Installation Guide
27
Click the Start button, then point to Programs | McAfee | McAfee ProtectionPilot Console. On the McAfee ProtectionPilot page, type the server password, then click Submit.
28
ProtectionPilot software
For beta and evaluation versions of the software, the installation process differs slightly from the steps presented in this guide, as follows: A dialog box appears before the license agreement, identifying how long you are licensed to use the beta or evaluation software. Click OK to continue to the license agreement. The license agreement always displays in English regardless of your computers system language and the license type options are disabled. When you are using the software, a reminder dialog box appears near the end of the license period, showing the number of days remaining before the license expires. Depending on the type of software, you can:
Beta software Click Beta Contact to access the beta feedback page on the McAfee website, where you can supply your comments about the beta software. Evaluation software Click Buy to access a
Close all ProtectionPilot consoles. Insert the CD into the CD-ROM drive of the computer. In the autorun window, select the desired language, then select Install ProtectionPilot.
NOTE
Be sure that the Setup program you are using is for the licensed version of the software.
4
In the McAfee ProtectionPilot Setup wizard, click Next to begin the migration. A message appears indicating that the migration was completed successfully.
page on the McAfee website, where you can purchase a licensed version of the software. The reminder dialog box appears a number of times before the license expires. If you are not ready to purchase a licensed version or provide beta feedback, you can click OK to close the dialog box. If the license expires, you can no longer log on to the ProtectionPilot server, but can choose to uninstall the agent for Windows. If you leave the agent installed, it continues to enforce policies locally, run scheduled tasks, and send properties and events to the server.
Installation Guide
29
30
ProtectionPilot software
Close all ProtectionPilot consoles. Close all database management software; for example, SQL Enterprise Manager. Use Add/Remove Programs in the Control Panel to remove the software. For instructions, see the Windows Help File. To open this file, click the Start button, then point to Help. To remove the existing MSDE database, select Remove MSDE.
Installation Guide
31
32
ProtectionPilot software
Credentials
To install the server and console or remote consoles, you must be logged on as a local administrator or a member of the Administrators group. To use Windows NT authentication to connect to the ProtectionPilot database: The user or group that is being used to install the software needs the Act as part of the operating system privilege assigned to it. The user account that the ProtectionPilot server will use to connect to the database needs to be a local administrator or member of the Administrators group on the computer on which you are installing the software. To put computers under management (deploy the agent), you need to provide a user account with local or domain administrator permissions on those computers.
NOTE
IP address
If you are deploying the agent to computers in a workgroup using the local administrator user account on those computers, we recommend setting up the same local administrator user account on all computers. This will allow you to put all of the computers under management at once. If you are deploying the agent to computers in a workgroup using the local administrator user account on the server, the local administrator user accounts on the server and on each computer must be the same. To deploy the agent to another domain, the server must have a trust relationship with the Primary Domain Controller (PDC) on the network. For instructions on setting up trust relationships between domains, see the Microsoft product documentation.
Installation Guide
33
Database software
Although you can use MSDE 2000 or SQL Server as the ProtectionPilot database, we recommend that you use the MSDE 2000 database that can be automatically installed when you install the server and console. However, if you have an existing MSDE or SQL Server database that you want to use, complete the following procedures before you install the software.
Small Business Server 2003 Premium
During the server and console installation, you'll need to provide the port number, the database instance name, the authentication method being used for the database, and the user account that the ProtectionPilot server will use to connect to the database. For instructions, see Finding existing database instances on page 35 and Finding the port number of database instances on page 35.
You can use the SQL Server 2000 database included in Microsoft Small Business Server 2003 Premium as the database. It is handled in the same manner as other SQL Server databases.
Local MSDE 2000 Database 1 Install the database software. For
Remote SQL Server database 1 Install the database software as needed. For
Install MDAC as needed. For instructions, see Determining the version number of MDAC on page 35 and Installing MDAC on page 35. Verify that the database server is visible on network. If the server connects to the database server through a firewall, you need to ensure that the database server accepts inbound communication on the database communication port (default is 1433). If you are using SQL Server, verify that the SQL Server service (MSSQLSERVER) is running. For instructions, see the SQL Server product documentation. Verify that the SQL Server Agent service (SQLServerAgent) is running. For instructions, see the SQL Server product documentation. During the server and console installation, you'll need to provide the name of the database server, the database instance name (if using a named instance), the port number, the authentication method being used for the database (default is Windows), and the user account that the ProtectionPilot server will use to connect to the database. For instructions, see Finding existing database instances on page 35 and Finding the port number of database instances on page 35.
instructions, see the MSDE 2000 product documentation. The MSDE 2000 Release A README is available in the product package under SETUP\MSDE\README MSDE2000A.HTM.
NOTENOTE:
3 4
During the server and console installation, you'll need to provide the port number, the database instance name, the authentication method being used for the database, and the user account that the ProtectionPilot server will use to connect to the database. For instructions, see Finding existing database instances on page 35 and Finding the port number of database instances on page 35.
Local SQL Server database 1 Install the database software as needed. For
If you are using SQL Server, verify that the SQL Server service (MSSQLSERVER) is running. Depending on the operating system that you are using, this procedure varies. For instructions, see the Microsoft product documentation.
34
ProtectionPilot software
Firewall software Finding existing database instances 1 Open the Services application window. Installing MDAC
Depending on the operating system that you are using, this procedure varies. For instructions, see the Microsoft product documentation.
2
We distribute the MDAC Setup program on the product CD and in the product package available for download. It can be found in these locations:
On the product CD:
Find entries that begin with MSSQL. The default instance name is MSSQLSERVER. Named instances are MSSQL$<INSTANCE>, where <INSTANCE> is the instance name.
Setup\MDAC\ MDAC_Typ_<LANGUAGE>.exe Where <LANGUAGE> equals EN for English, FR for French, DE for German, JP for Japanese, and ES for Spanish.
In the downloaded product package:
Finding the port number of database instances 1 Open the SQL Server Network Utility
(SVRNETCN.EXE) in the database installation directory. The default location is C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN.
2 3
Setup\MDAC\MDAC_Typ.exe At press time, instructions for installation were available on the Microsoft website: www.microsoft.com/downloads/details.as px?FamilyID=6c050fe3-c795-4b7d-b037-185 d0506396c&DisplayLang=en
Select the desired database instance in Instance(s) on this server. Under Enabled protocols select TCP/IP, then click Properties. The port number appears in Default port.
Firewall software
If you use firewall or personal firewall software, you need to ensure that the communication ports you specify during the installation accept the appropriate type of communication. The software uses these ports to communicate between its components. The type of communication (inbound or outbound) is relative to the ProtectionPilot server.
Communication Agent broadcast Agent-to-server Security Threats Console-to-server Server-to-agent Inbound or Outbound Outbound Inbound Outbound Inbound Outbound Default Port 8082 81 *8801 82 8081
Determining the version number of MDAC 1 Locate the Msdadc.dll file that corresponds
to the database software. The default location is: C:\Program Files\Common Files\System\Ole Db
2
Right-click the Msdadc.dll file, then select Properties. The <FILE> Properties dialog box appears. Click the Version tab. Under Item name, select Product Version. The version number appears under Value.
3 4
__________ *To receive threat notifications, you must allow this communication.
Installation Guide
35
In addition, the following services must be enabled or started on the ProtectionPilot server: The NT LM Security Support Provider service must be enabled. The Server service must be started. To install this service, install the File and Printer Sharing for Microsoft Networks network component. The Workstation service must be started. To install this service, install the Client for Microsoft Networks network component. Depending on the operating system that you are using, the steps to enable or start services, and to install network components vary. For instructions, see the Microsoft product documentation.
JRE is required to view the GroupShield for Exchange policy page. Since the JRE program itself is included in the policy page, you do not need to download it. You will be prompted to install it if needed. You must be logged on to the computer as a local administrator or a member of the Administrators group to install JRE on computers running Windows 2000 or Windows XP.
36
ProtectionPilot software
700-1378-00
mcafee.com