cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
User53835437
Level 7
Report Inappropriate Content
Message 1 of 5
‎10-28-2020 02:06 AM

Applying policies from EPO to standalone client

Jump to solution
We've a number of ENS Threat Prevention policies supplied by Headquarters, using these thru EPO on our clients. We've a number of standalone client installations in our DMZ, where we would like to use the same policy (settings). I've red about he ESConfigTool and the Endpoint Security Package Designer (ENSPD). Apparently there is no straightforward option to import the existing EPO based policies (delivered to us as xml files) into the standalone client. I followed the road of the ESConfigTool, and have exported the TP and ESP settings from my own workstation. Assuming this will contain all the applied, thru EPO, policy settings. Now, before applying this "preconfigured.policy" file to one of my DMZ based standalone clients, I'm wondering: - (how) can I verify that, and what, settings will be applied to my standalone installation - can I revers somehow the "ESConfigTool /import" if I find out that the policy is not working correct, or will I've to reinstall the standalone client - again, is there a way I can 'see' what additional settings have been applied to the ThreatPreventions Access Protection and Exploit Prevention 'modules'.
0 Kudos
Reply
1 Solution

Accepted Solutions
Kenchee_etf
Employee
Employee
Report Inappropriate Content
Message 2 of 5
‎10-28-2020 07:56 AM

Re: Applying policies from EPO to standalone client

Jump to solution

Hello @User53835437 

You are probably refering to:
*** McAfee Endpoint Security 10.7.x Installation Guide (Command-line options for exporting custom settings)
https://docs.mcafee.com/bundle/endpoint-security-10.7.x-installation-guide-windows/page/GUID-31F0BE9...

Now in regards to validation what is imported, ENSTP comes with preconfigured default policy which means it will not have custom configured rules for Access Protection, it will not have any exclusions for On-Access Scan, any custom rules or exclusions for Exploit Prevention etc.

So once you import it and no error is recorded, your standalone machine should have those custom configurations that mirror your machine from where custom policies came from.

Now in regards your question about reverting policy, when you install ENS on machine, as I mentioned, ENS will have default policy hence before you import custom policies, you may first export current one, aka default one, and if, once custom policies are imported, you want to revert them, you should be able to reimport default one back. I hope I am explaining myself properly.

So please let me know if you have any additional question.

Side note:
If you have lot of standalone nodes in DMZ, is there any reason why you don't have Agent Handler in DMZ as well in order for you to get capability to manage those DMZ nodes that are currently standalone?

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
4 Replies
Kenchee_etf
Employee
Employee
Report Inappropriate Content
Message 2 of 5
‎10-28-2020 07:56 AM

Re: Applying policies from EPO to standalone client

Jump to solution

Hello @User53835437 

You are probably refering to:
*** McAfee Endpoint Security 10.7.x Installation Guide (Command-line options for exporting custom settings)
https://docs.mcafee.com/bundle/endpoint-security-10.7.x-installation-guide-windows/page/GUID-31F0BE9...

Now in regards to validation what is imported, ENSTP comes with preconfigured default policy which means it will not have custom configured rules for Access Protection, it will not have any exclusions for On-Access Scan, any custom rules or exclusions for Exploit Prevention etc.

So once you import it and no error is recorded, your standalone machine should have those custom configurations that mirror your machine from where custom policies came from.

Now in regards your question about reverting policy, when you install ENS on machine, as I mentioned, ENS will have default policy hence before you import custom policies, you may first export current one, aka default one, and if, once custom policies are imported, you want to revert them, you should be able to reimport default one back. I hope I am explaining myself properly.

So please let me know if you have any additional question.

Side note:
If you have lot of standalone nodes in DMZ, is there any reason why you don't have Agent Handler in DMZ as well in order for you to get capability to manage those DMZ nodes that are currently standalone?

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
0 Kudos
Reply
User53835437
Level 7
Report Inappropriate Content
Message 3 of 5
‎10-28-2020 11:52 PM

Re: Applying policies from EPO to standalone client

Jump to solution

I’m sorry, attempted twice by following the link send to me, discovering that after typing my comments login attempts failed.

Anyway, thanks for your reaction.

Anyway, I’ve ‘discovered’ the options provided by ‘export /plaintext’.

- I can now see what is in the export, not only from my ‘source’ machine, but also from my standalone client before and after applying new settings via ESConfigTool /import

- as our DMZ started only recently to expand, I will verify your suggestion about ‘Agent Handlers’. No idea what that will bring yet.

Will report back.

0 Kudos
Reply
User53835437
Level 7
Report Inappropriate Content
Message 4 of 5
‎11-06-2020 12:18 AM

Re: Applying policies from EPO to standalone client

Jump to solution

I could not have a full look at the Agent Handler functionalities. Security regulations disallow me from being able to access a database with system info (IP etc) from the DMZ.

So I will have to live with the ESConfigTool options.

0 Kudos
Reply
User53835437
Level 7
Report Inappropriate Content
Message 5 of 5
‎11-11-2020 06:09 AM

Re: Applying policies from EPO to standalone client

Jump to solution

We decided to add an EPO server into our DMZ. Both for security, maintainability and transparancy.

I’m now trying to figutebout how to add a standalone installation to EPO. 

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC