McAfee Application Control / Change Control Administration


    4 Days
    Network Security

    Course Details

    Summary

    The McAfee University Application Control / Change Control Administration course enables attendees to receive in-depth training on the full benefits and deployment of McAfee Application Control / Change Control products. Enabling administrators to fully understand the capabilities of their security solution not only reduces the risks of mis-configuration but also ensures an organization gets the maximum protection from their installation.

    Objectives

    • Understand the capabilities of McAfee’s Application Control / Change Control solution
    • Install and administer the solution
    • Manage remote systems
    • Protect endpoints

    Contents

    Module 1: Introduction to the McAfee Application Control/Change Control

    • What is MACCC?
    • Supported Operating Systems
    • Solidcore Architecture
    • Multi-layered Security Solution
    • Whitelisting
    • Trust Model
    • Image Deviation
    • Differentiators
    • Visibility and Enforcement for End-to-end Compliance
    • File Integrity Monitoring
    • Change Prevention
    • Install Workflow
    • Navigation to Solidcore Components
    • Solidcore Configuration
    • Updaters or Publishers
    • Solidcore Configuration
    • Installers
    • Solidcore Policies
    • Windows Path Definitions
    • Solidcore Server Tasks
    • Solidcore: Purge Task
    • Migration Server Task
    • Calculate Predominant Observations (Deprecated)
    • Content Change Tracking Report Generation
    • Solidcore: Run Image Deviation
    • Image Deviation (Application Control)
    • Specifying a Golden Image
    • Solidcore: Scan a Software Repository

    Module 2: Planning a McAfee® ePolicy Orchestrator™ Deployment

    • Platform Requirements
    • ePO Server Hardware Requirements
    • ePO Server Operating Systems
    • ePO Server Prerequisite Software
    • Supported Web Browsers
    • Supported SQL Server Releases
    • Default Communication Ports
    • Default Ports
    • Determining Ports in Use
    • Virtual Infrastructure Requirements
    • Deployment Guidelines
    • Deployment Scenario: Basic Plan
    • Solution A: One ePO Server
    • Solution B: Two ePO Servers
    • Solution C: ePO server with Agent Handlers
    • Deployment Scenario: Disk Configuration
    • Solution: Less than 5,000 Nodes
    • Solution: 5,000 to 25,000 Nodes
    • Deployment Scenario: Disk Configuration
    • Solution: 25,000 to 75,000 Nodes
    • Solution: More than 75,000 Nodes
    • Database Sizing
    • How Products and Events Affect Calculations
    • Example: Calculating Averages
    • Calculating Your Environment
    • Managing Scalability
    • Environmental Factors

    Module 3: Security Connected and McAfee® ePolicy Orchestrator™ Overview

    • Security Evolution
    • Security Connected
    • Breadth and Depth for Security
    • ePO Solution Overview
    • New for this Release
    • Basic Solution Components
    • How ePO Works
    • Essential Features
    • Integration with Third-Party Products
    • ePO Web Interface
    • Menu Page
    • Customizing the User Interface
    • Architecture and Communication
    • Functional Process Logic
    • Data Storage

    Module 4: McAfee® Agent

    • McAfee Agent Overview
    • New for This Release
    • Agent Components
    • Agent-Server Secure Communication Keys
    • Communication after Agent Installation
    • Typical Agent-to-Server Communication
    • McAfee Agent-to-Product Communication
    • Forcing Agent Activity from Server
    • Wake-up Calls and Wake-up Tasks
    • Configuring Agent Wake-up
    • Locating Agent Node Using DNS
    • Using System Tray Icon
    • Forcing McAfee Agent Activity from Client
    • Viewing McAfee Agent Log
    • ePO 4.x/McAfee Agent 4.x Feature Dependencies
    • Agent Files and Directories
    • xml
    • McAfee Agent Log Files
    • Using Log Files
    • Installation Folders

    Module 5: Application Control/Change Control Extension Installation

    • Extensions in ePO
    • Extensions Menu
    • Integration of AC/CC Extension
    • Installation Requirements
    • System Requirements
    • ePO Database Sizing
    • Installation of Extension
    • Solidcore Licensing
    • What is Solidcore?
    • Install Workflow Review
    • Installing Licenses
    • Solidcore Database Tables

    Module 6: Solidcore Client

    • Solidcore Architecture
    • The agent plug-in and how it works
    • Types of Platforms Protected
    • Supported Systems
    • Check in Agent Plug-in Package into ePO
    • Deploying the Solidcore Agent Plug-in
    • Verifying Installation from the Endpoint
    • Solidcore Client Tasks
    • Enable Solidcore Agent Task
    • Disable Solidcore Agent Task
    • Initial Scan to Create Whitelist
    • Pull Inventory
    • Begin Update Mode
    • End Update Mode
    • Change Local CLI Access
    • Collect Debug Info
    • Run Commands
    • Get Diagnostics for Programs
    • Features for the Client
    • Client Notifications and Events
    • Client Events and Approvals
    • Customizing Client Notifications

    Module 7: Application Control Initial Configuration

    • What are Observations?
    • Observe Mode
    • Manage requests
    • Review requests
    • Process requests
    • Allow by checksum on all endpoints
    • Allow by publisher on all endpoints
    • Ban by checksum on all endpoints
    • Define custom rules for specific endpoints
    • Allow by adding to whitelist for specific endpoints
    • Define bypass rules for all endpoints
    • Delete requests
    • Review created rules
    • Throttle observations
    • Define the threshold value
    • Review filter rules
    • Manage accumulated requests
    • Exit Observe mode
    • Inventory Introduction
    • Fetch Inventory
    • GTI Integration
    • Trust level and score
    • Cloud Trust Score
    • Inventory Without Access to GTI
    • Fetch McAfee GTI ratings for isolated networks
    • Export SHA1s of all binaries
    • Run the Offline GTI tool
    • Fetch Inventory – Bad File Found Event
    • Manage the inventory
    • Manage Binaries
    • Application Control Policies
    • Role of the Policy
    • Application Control Configuration
    • Managing Rule Groups
    • Creating an Application Control Rule Group
    • Updater Tab
    • Trusted Users
    • Exceptions
    • Using a Rule Group to Block an Application

    Module 8: Application Control Feature Administration

    • What is Update Mode?
    • How to Update a Solidified System
    • Auto-Updaters
    • Authorized Updaters
    • Determining Updaters
    • Understanding Publishers
    • Understanding Installers
    • Scan a Software Repository
    • Revisit – Solidcore Permission Sets
    • Reboot Free Activation
    • Inventory Management Enhancements
    • Inventory Management – Pull Inventory
    • Inventory By Application
    • Inventory By Systems
    • Inventory Application Drill-down
    • Inventory Binary Drill-down
    • Search Filters
    • Modifying Enterprise Trust Level

    Module 9: Event and Alerts

    • Understanding Events
    • What Creates an Event
    • When Are Events Sent Back?
    • Viewing Events
    • Advanced Filters
    • Selecting Columns to Display
    • Viewing the Details of an Event
    • Solidcore Events
    • Example of Solidcore Events
    • Application Control Events
    • Planning Automatic Responses
    • Throttling, Aggregation, and Grouping
    • Alerts
    • Understanding Alerts
    • Scenarios
    • Configuring a Solidcore Alert
    • Viewing an Alert
    • Support of SNMP Alerts
    • Customizing End User Notifications
    • Syslog Enhancements

    Module 10: Change Control Initial Configuration

    • Application Control & Change Control
    • Change Control & Integrity Monitoring
    • Scenario
    • File Integrity Monitoring
    • Workflow
    • Disable Solidcore
    • Enable Solidcore on the Endpoint
    • Verifying Client Task Completion
    • Integrity Monitoring Policies
    • Using Integrity Monitor
    • Creating an Integrity Monitor policy
    • Integrity Monitoring Policies
    • Testing your Monitoring
    • Reducing “Noise”
    • Example of Reducing “Noise”

    Module 11: Using the Policy Catalog and Managing Policies

    • Change Control Policies
    • Role of the Policy
    • Variables for Use in Policies
    • Example of Variables in a Rule Group
    • Scenario
    • Write Protect a File, Trusted Program can Alter
    • Write Protect a Registry Key, Program can Alter
    • Write Protect a File, Trusted User can Alter
    • Verifying only Trusted User can Alter
    • Read Protection must be Enabled
    • Read Protect a File, Trusted Program can Access
    • Emergency Changes
    • Content Change Tracking
    • One Click Exclusion (Advanced Exclusion Filtering)
    • One Click Exclusion Configuration
    • Troubleshooting

    Module 12: Dashboards and Reporting

    • The Dashboard
    • ePO Dashboards
    • Queries As Dashboard Monitors
    • Dashboard Access
    • Dashboard Configuration
    • Solidcore Dashboards
    • Application Control Dashboard
    • Change Control Dashboard
    • Integrity Monitor Dashboard
    • Inventory Dashboard
    • Solidcore Queries
    • Reporting > Solidcore
    • Application Control > Inventory
    • Application Control > Image Deviation
    • Automation > Solidcore Client Task Log
    • Scenario
    • Creating a Customized Dashboard
    • Making a Dashboard Public
    • Set the Default Dashboard

    Module 13: Troubleshooting

    • Solidcore Architecture and Components
    • Solidcore 6.1.3 Architecture
    • Troubleshooting References
    • Location of Solidcore Files on Endpoint
    • ePolicy Orchestrator Application Server Service Logs
    • Solidcore Registry Keys on Endpoint
    • Solidcore Services
    • Troubleshooting Best Practice
    • Escalation Best Practices
    • Troubleshooting GTI Cloud Issues Best Practice
    • Top Issues – Task Failure
    • Top Issues – Denied Execution Issues
    • Top Issues – Denied Execution of a Network Share
    • Top Issues – Network Share
    • Top Issues – KB
    • Useful Tools
    • Solidcore Event Logs
    • Solidcore User Notifications
    • Solidcore Troubleshooting Tools
    • Escalation Tools
    • Solidcore Database Tables
    • Minimum Escalation Requirements (MER)
    • Running MER Tool on Client
    • Dump Tools

    Module 14: Case Studies

    • A Case from History
    • Unpatched, Known Vulnerabilities in the Client
    • Browser-based Exploits
    • The Remedy
    • Application Whitelisting
    • Increasing Compliance Requirements
    • Remedy
    • File Monitoring
    • Complete the Task

    Module 15: CLI Administration

    • Solidcore CLI
    • Location of Solidcore Files on Endpoint
    • Viewing the CLI Access
    • Enabling the CLI
    • Unlocking the CLI Locally
    • Securing the CLI
    • Using the CLI
    • SADMIN Commands
    • Solidifying from the CLI
    • Unsolidifying
    • What is Solidcore’s Status?
    • Beginning the Update Status
    • Ending the Update Status
    • Enabling and Disabling Solidifier
    • SADMIN Commands
    • Advanced SADMIN Commands
    • Solidcore Commands
    • New CLI Commands
    • Application Control Rules & Helpful Commands
    • Read/Write Protect Files
    • Change Control Commands – Write Protection
    • How To Write Protect a File
    • Modifying Read/Write Protected Files
    • Change Control Features – Write Protection
    • Application Control
    • Authorize Command Arguments
    • Discovering and Adding Updaters
    • SADMIN Diag Notations
    • Discovering and Adding Updaters
    • Using Attributes to Control File Execution
    • Attributes
    • Using Attributes to Control File Execution
    • Viewing Solidcore Events
    • Event Sinks
    • Logging Events
    • Event Names and Log Entries
    • Product Tools

    Module 16: Best Practices

    • Review of Initial Setup Tasks
    • Systems Tree Infrastructure
    • Communication between ePO and Agent
    • Activation Options: Application Control Only
    • Inventory Collection Scan
    • Protection State Selection
    • Protection State Delivery
    • Testing Protection mechanisms
    • Policies and Rule Groups
    • Policy Tuning
    • Bypass Rules and Exclusions
    • Inventory and Whitelist
    • Updaters
    • Application Control Memory Protection
    • Maintenance
    • Basic Troubleshooting and FAQs
    • Solving Memory Discrepancies
    • Helpful Resources

    Target Audience

    • System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this


    Prerequisites

    • It is recommended that students have a working knowledge of Microsoft Windows administration and system administration concepts, a basic understanding of computer security concepts, and a general understanding of viruses and anti-virus technologies.

    Schedule

    • Apr 1 - Apr 5, 2019, Stockholm
    • May 20 - May 24, 2019, Stockholm
    • Sep 2 - Sep 6, 2019, Stockholm
    • Dec 9 - Dec 13, 2019, Stockholm