Knowledge Center

• Email and Web Security Appliance
• Email Gateway
• Host IPS
• Network Security Platform
• Network Threat Behavior Analysis
• Network Threat Response
• SaaS Email Protection
• SaaS Web Protection
• Security for Microsoft Exchange
• Security for Microsoft SharePoint Server
• SiteAdvisor Enterprise
• VirusScan Enterprise 
• Web Gateway 
   

1. Log on to the management console.
2. Select one of the two Installation methods:
   1. Installation via SMTP:
      1. Select Email, Email Policies, Scanning Policies.
      2. Select a protocol: SMTP (or POP3), Anti-Virus, Viruses.
         You see the Anti-Virus Settings window.
          
   2. Installation via HTTP:
      1. Select Web, Web Policies, Scanning Policies.
      2. Select a protocol: HTTP (or ICAP/FTP), Anti-Virus, Viruses.
         You see the Anti-Virus Settings window. 
          
3. From the Basic Options tab, select Enable Global Threat Intelligence file reputation.
4. Select Sensitivity level (Default: Medium).
    

   Disabled	GTI is turned off.
   Very Low	For desktops/servers with restricted user rights and strong security footprint
   Low	Minimum recommendation for laptops or desktops/servers with strong security footprint
   Medium	Minimum recommendation for laptops or desktops/servers
   High	For deployment to systems or areas which are regularly infected
   Very High	In Email and On-Demand Scans on non-operating system volumes

   
    
5. Click Apply Changes.

1. Select Anti-Spam, TrustedSource.
2. Click Enable TrustedSource and set additional configuration if required.

To enable GTI Message Reputation in the Spam Profiler:

1. Select Anti-Spam, Spam Profiler, Configure.
2. Click Enable Trusted Source under Spam Features/Dictionaries.

1. In the Network Security Manager Resource Tree, select IPS Settings and select the Malware Detection tab.
2. Set the GTI File Reputation specific options for the sensor, including DNS servers, Sensitivity Level and Response Action. From here, you can also manage options related to the use of custom fingerprints.
3. Click Save.
4. Select Enable options.
5. Set the Enable options per sensor and port or port pair.
6. For each port or port pair, choose a direction and detection type.
7. Click Save, and then select Configuration Update for the changes to take effect.

To enable GTI Network Connection reputation:

1. In the Network Security Manager Resource Tree, select IPS Settings and select the Malware Detection tab.
2. In the Network Security Manager, navigate to My Company/Integration, then Global Threat Intelligence. You can then choose your participation levels, alert details, and technical information.

1. Launch ePO and go to the Policy Catalog.
2. Select Host Intrusion Prevention 8.0 or later: Firewall under Product.
3. Select Firewall Options under Categories.
4. Click Edit corresponding to the policy for which you want to enable GTI.
5. Select a value from the drop-down list for Incoming/Outgoing TrustedSource Block Threshold.

1. In the Network Security Manager, navigate to My Company/Integration, and then select Global Threat Intelligence.
2. You can now configure participation levels, alert details, and technical information as needed.

1. In the administrative console, select the Web Protection tab.
2. Select the Policies tab.
3. Select the Content tab.
4. Select Enable content filtering. Under Safe Search Options, you can also choose to Prevent leading search engines from returning sexually explicit search results.
5. You can further select website allow/deny options on this screen.

1. Click Start, Programs, McAfee, Security for Microsoft Exchange, Product Configuration.
2. Click Settings & Diagnostics.
3. Click Anti-Spam.
4. Under McAfee Global Threat Intelligence message reputation, select Enable message reputation.
5. Click Apply.

1. Click Start, Programs, McAfee, Security for Microsoft Exchange, Product Configuration.
2. Click Policy Manager, and then select On-Access or On Demand.
3. Click Master policy.
4. Click Anti-Virus Scanner.
5. Under Activation, select Enable.
6. Under Options, select the anti-virus option you want to configure and click Edit.
7. Select the Scanner Options you require, and then select Enable Artemis Technology and the required Sensitivity Level:
    

   Disabled	GTI is turned off.
   Very Low	For desktops/servers with restricted user rights and strong security footprint
   Low	Minimum recommendation for laptops or desktops/servers with strong security footprint
   Medium	Minimum recommendation for laptops or desktops/servers
   High	For deployment to systems or areas which are regularly infected
   Very High	In Email and On-Demand Scans on non-operating system volumes

    
8. Click Save.
9. Click Apply.
10. Refresh the page to view policy setting changes.

1. Log on to the ePolicy Orchestrator server as an administrator.
2. Click Systems, System Tree, select the appropriate group, and then select the individual system(s).
3. Click Assigned Policies.
4. Select the appropriate Product, Category, Policy, and then click Save.
5. Click Policy Manager, and then select On-Access or On Demand.
6. Click Master policy.
7. Click Anti-Virus Scanner.
8. Under Activation, select Enable.
9. Under Options, select the anti-virus option you want to configure and click Edit.
10. Select the Scanner Options you require, and then select Enable Artemis Technology and the required Sensitivity Level:
     

    Disabled	GTI is turned off.
    Very Low	For desktops/servers with restricted user rights and strong security footprint
    Low	Minimum recommendation for laptops or desktops/servers with strong security footprint
    Medium	Minimum recommendation for laptops or desktops/servers
    High	For deployment to systems or areas which are regularly infected
    Very High	In Email and On-Demand Scans on non-operating system volumes

     
11. Click Save.
12. Select the client computer, and then send an Agent wake-up call.

• GTI is supported with Security for Microsoft SharePoint as of version 2.5.
• GTI does not replace signature files. DAT files are still required for further actions such as cleaning and repair.
• GTI protection is available only if your computer is connected to the Internet. Without Internet connectivity, computers are protected by the local DAT files, but GTI will not be active.
• GTI uses a very small amount of bandwidth and is suitable for use on low speed connections.

To configure GTI locally:

1. Log on to the Microsoft SharePoint server with an Administrator account.
2. Launch Security for Microsoft SharePoint Server.
3. Click Policy Manager, then select On-Access or On Demand.
4. Click Master Policy. 
5. Click Anti-Virus Scanner.
6. Under Activation, select Enable.
7. Under Options, select the anti-virus option you want to configure and click Edit.
8. Select the Basic Options, and then select Enable Artemis Technology and the required Sensitivity Level.
    

   Disabled	GTI is turned off.
   Very Low	For desktops/servers with restricted user rights and strong security footprint
   Low	Minimum recommendation for laptops or desktops/servers with strong security footprint
   Medium	Minimum recommendation for laptops or desktops/servers
   High	For deployment to systems or areas which are regularly infected
   Very High	In Email and On-Demand Scans on non-operating system volumes

   
    
9. Click Save.
10. Click Apply.
11. Refresh the page to view policy setting changes.

1. Launch ePO and select Menu, Policy, Policy Catalog.
2. Select Product - SiteAdvisor Enterprise 3.5 or later.
3. Click Enable or Disable from the policy menu.

• For VSE 8.7i (unpatched) and VSE 8.7i Patch 1, you can enable the GTI service for On-Delivery Email Scan, On-Demand Scan, or On-Access Scan.
• For VSE 8.7i Patch 2 and later, GTI is enabled by default and you do not have to take any no action.

1. On-Delivery Email Scan policy:
   1. Launch ePO, then click the Systems tab.
   2. Click the Policy Catalog tab, then select VirusScan Enterprise 8.7.0 (or later) On Delivery Email Scan Policies.
   3. Select to edit the policy for Server or Workstation.
   4. Select the Scan Items tab, then under Heuristic network check for suspicious files, (or in VSE 8.8, under Artemis (heuristic network check for suspicious files)) select the Sensitivity level.
   5. On the Scan Items tab under Heuristics, enable Find unknown program threats and trojans.
   6. Save the policy.
       
2. On-Demand Scan task:
   1. Launch ePO, then click the Systems tab.
   2. Click the System Tree, Client Tasks, New Task.
   3. Type a new name and select the task type On Demand Scan (VSE 8.7.0 or later).
   4. Click Next and select the Performance tab.
   5. Under Heuristic network check for suspicious files, (or in VSE 8.8, under Artemis (heuristic network check for suspicious files)) select the Sensitivity level.
   6. On the Scan Items tab under Heuristics, enable Find Unknown program threats.
   7. To schedule the task to run, click Next.
   8. To review and save the task, click Next.
       
3. On-Access Scan policy (VSE 8.7i Patch 1 or later required): 
   1. Launch ePO, then click the Systems tab.
   2. Click the Policy Catalog tab and select VirusScan Enterprise 8.7.0 (or later) On Access General Policies.
   3. Select to edit the policy for Server or Workstation.
   4. Select the General tab, then select the Sensitivity level under Heuristic network check for suspicious files (or in VSE 8.8, under Artemis (heuristic network check for suspicious files)).
   5. Save the policy.
   6. Select VirusScan Enterprise 8.7.0 (or later) and On Access Default / High-Risk/Low-Risk Process  Policies.
   7. Select to edit the policy for Server or Workstation.
   8. Click the Scan Items tab and enable Find unknown programs and trojans under Heuristics.
   9. Save the policy.

To enable GTI File Reputation:

1. In the policy screen, in the settings tab to the left, drill down on engines, anti-malware, and gateway anti-malware.
2. Under Advanced Settings, click Enable Artemis Queries.

To enable GTI  Web Categorization and Reputation:

1. Staying in the policy screen and settings tab on the left, drill down to TrustedSource, Default.
2. To the right, select Do in the cloud rating if local rating yields no result for web categorization and Use default TrustedSource server for in the cloud rating for web reputation.
   Geolocation information is only available through cloud look-ups. To enable this, select Only use in the cloud rating services.