Interface Online Center for Information Technology (CIT)

September 5, 2001 [Number 220]


A New Antivirus Tool for Network Administrators—ePolicy Orchestrator

Protecting data from the ever-present threat of viruses is a big concern for people who depend on their computers for work. CIT offers McAfee’s ePolicy Orchestrator (ePO) software to assist NIH administrators and security officers in installing and maintaining the latest antivirus protection on all desktop computers and servers. In addition, CIT provides consultation and support for ePO. The software was purchased as a component of the NIH security infrastructure, so there is no direct charge to NIH ICs for its use.

What is ePO?

ePO is a management tool for McAfee antivirus software. Network administrators and security officers can use ePO to configure and maintain antivirus protection on all client machines on a network. From a server or remote console, ePO allows administrators to set, distribute and enforce antivirus policy—as well as monitor virus activity—on all the client machines.

From a single console and for the entire network, administrators can use ePO to:

• view the properties and antivirus status of all client machines and set policies

• manage the way McAfee antivirus software products update the virus definition (.DAT) files

• initiate scans to search for viruses on client machines—especially important during an outbreak

• schedule tasks such as software upgrades or scans

• manage antivirus protection by IP range, Windows NT domain, or other logical grouping

• capture data on antivirus activity on any client machine

• install antivirus software and store products

ePO supports policy management and reporting for McAfee products (versions 4.03 and higher; CIT recommends version 4.5)—VirusScan, NetShield, GroupShield and WebShield SMTP.

ePO Components

The three main components of ePO are the server, the console (user interface), and the agent (a small program that resides on each computer, enforcing the policies and activating the tasks that the administrator defines).

• Server

    The server includes a robust database that accrues large amounts of data regarding McAfee product operation; a report-generating engine that lets you monitor virus protection performance (e.g., by computers, events, software versions); and a repository for the software you deploy to your network. The ePO server runs on Microsoft Windows NT and Windows 2000 platforms, and uses Microsoft Data Engine (MSDE) v1.0 or Microsoft SQL Server 7 for its database.

• ePO Console

    The console provides a user interface (based on the Microsoft Management Console) that manages antivirus protection. The console allows the administrator to view the properties of the client machine, set and enforce antivirus policies, schedule tasks, and view and customize reports to monitor deployment and virus activity.

• ePO Agent

    The agent is pushed to the client machines (called "agent hosts") to gather and report data, install software, and report any events back to the server. When further activity related to McAfee products occurs on the client machine, the agent notifies the server of the activity.

Advantages of ePO

Some of the key advantages of the ePO software are:

    Automated Tasks
    ePO reduces the time that the support staff spends checking and updating each client machine’s antivirus software.

    Real-Time Policy Management and Updating
    The client can be configured to report software versions and any infected files to the server at regular intervals. ePO also features an agent wakeup call that allows the administrator to request this information immediately.

    Policy Management
    A single set of virus protection policies can be set and enforced for the entire network or on a per-group basis.

    Reporting
    A full-featured reporting component allows the administrator to request several specialized reports on the status of total virus defense for the network. All of the data for those reports is captured in the server’s database for all of the client machines.

    Software Distribution
    ePO provides a centralized repository for the McAfee products that the administrator chooses to deploy. After the agent is installed on each client machine, it can review the configuration and determine what virus protection policies to enforce for that client. ePO can also deploy the software to that client via the Console.

    Outbreak Management
    ePO offers an agent wakeup call that can force the client to request a .DAT update. This function offers greater control in the prevention of and response to outbreak situations.

CIT provides consultation and support services for ePO implementation. The ePO software can be downloaded from the NIH Antivirus Web site by clicking on "Downloads," "Antivirus Server" and "Management Tools."

For more information regarding ePO, please contact TASC.

 
Published by Center for Information Technology, National Institutes of Health