SERVER CONFIGURATION

ePServer Configuration

Last updated 1 year ago

Server Settings

All the settings specific to your ePO server are in Server Settings (Menu > Configuration > Server Settings). The entries there let you fine-tune your ePO server to the needs of your organization. Customizations made here affect all your ePO users.

Password Policy

The ePO 5.10 release added the Password Policy feature, which allows you to define the strength of a password. For example, an administrator can restrict the number of previously used passwords and limit the number of days before the password expires.

This feature is not enabled by default. To use it, select the Password Policy setting category in Server Settings, click Edit, and enable the settings manually.

Once enabled, available options for this feature include:

  • Password Strength Criteria: Passwords can be required to have 7-30 characters and to contain at least one character from the following classes:

    • Uppercase

    • Lowercase

    • Numeric

    • Special

  • Password Expiration Criteria: A password expiration period of 30-365 days can be configured
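The following is an added example, not code from the course or from Trellix, showing how the strength, history and expiration criteria above combine into a single validator. The 7-30 character and 30-365 day limits are the ones stated on the page; which of the four character classes are mandatory is an administrator choice in ePO, so requiring all four is an assumption here, and the sample passwords and dates are constructed.

```python
import re
from datetime import date, timedelta

# Limits as stated on the page: 7-30 characters and a 30-365 day expiry window.
MIN_LENGTH, MAX_LENGTH = 7, 30
MIN_EXPIRY_DAYS, MAX_EXPIRY_DAYS = 30, 365

# The four character classes the policy can require. Which of them are
# mandatory is an administrator choice; requiring all four is assumed here.
CHARACTER_CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "numeric": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def check_strength(password, required_classes=frozenset(CHARACTER_CLASSES)):
    """Return the list of strength violations; an empty list means the password passes."""
    problems = []
    if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
        problems.append(f"length {len(password)} is outside {MIN_LENGTH}-{MAX_LENGTH}")
    for name in sorted(required_classes):
        if not CHARACTER_CLASSES[name].search(password):
            problems.append(f"missing {name} character")
    return problems


def reuses_previous(password, previous_passwords, history_depth):
    """True when the candidate matches one of the last `history_depth` passwords.

    Plain strings are compared for illustration only; a real password store
    compares against salted hashes and never keeps plaintext.
    """
    if history_depth <= 0:  # guard: a slice of [-0:] would be the whole list
        return False
    return password in previous_passwords[-history_depth:]


def is_expired(last_changed, today, expiry_days):
    """True when `expiry_days` (30-365, per the page) have elapsed since the last change."""
    if not MIN_EXPIRY_DAYS <= expiry_days <= MAX_EXPIRY_DAYS:
        raise ValueError(f"expiry must be {MIN_EXPIRY_DAYS}-{MAX_EXPIRY_DAYS} days, got {expiry_days}")
    return today - last_changed >= timedelta(days=expiry_days)


def validate_new_password(candidate, previous_passwords, history_depth,
                          required_classes=frozenset(CHARACTER_CLASSES)):
    """Everything a password change must satisfy: strength plus the reuse restriction."""
    problems = check_strength(candidate, required_classes)
    if reuses_previous(candidate, previous_passwords, history_depth):
        problems.append(f"matches one of the last {history_depth} passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real ePO installation.
    history = ["Winter2023!", "Spring2024!"]
    print(validate_new_password("Spring2024!", history, 3))
    print(validate_new_password("Tr3ll!x-ePO", history, 3))
    print(is_expired(date(2024, 1, 1), date(2024, 3, 1), 60))
```

Each check returns a list of reasons rather than a bare boolean so the console or log can tell the user exactly which criterion failed, which is also what you want when auditing an existing password store against a newly enabled policy.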

Logon Protection

The ePO 5.10 release also added the ability to lock out user accounts after repeated failed logon attempts, or to restrict access by IP address, through the Logon Protection server setting.

  • Select the Logon Protection Setting Category, then click Edit.

  • Click the Automatic Responses link under Notifications to create your own customizable default response to failed logon attempts.

Enable these features to provide added logon protection:

  • Lock Out User Accounts: Enable this feature to lock out a user account once the configured number of failed attempts is reached.

  • Restrict IP Addresses: Enable this feature to automatically block an IP address if 10 or more failed attempts occur in under 60 seconds.
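To make the two thresholds concrete, here is an added example (not code from the course or from Trellix) that replays logon records and applies both rules: a per-account lockout on consecutive failures and a sliding 60-second window per source IP. The 10-failures-in-under-60-seconds figure is the one stated on the page; the per-account threshold of 5 is an assumed value, since ePO leaves that number to the administrator, and the log lines and their "timestamp user ip result" layout are constructed for the example rather than taken from any ePO log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the page: an IP is blocked after 10 or more failures in under
# 60 seconds. The per-account lockout count is administrator-configured in ePO;
# the value 5 used here is an assumption for the example.
IP_FAILURE_THRESHOLD = 10
IP_WINDOW = timedelta(seconds=60)
ACCOUNT_LOCKOUT_THRESHOLD = 5

# Constructed sample records in a simplified "timestamp user source_ip result"
# layout; this is not the format of any real ePO log file.
SAMPLE_LOG = """\
2024-05-01T10:00:00 svc1 203.0.113.7 FAIL
2024-05-01T10:00:05 svc2 203.0.113.7 FAIL
2024-05-01T10:00:10 svc1 203.0.113.7 FAIL
2024-05-01T10:00:15 svc2 203.0.113.7 FAIL
2024-05-01T10:00:20 svc3 203.0.113.7 FAIL
2024-05-01T10:00:25 svc1 203.0.113.7 FAIL
2024-05-01T10:00:30 svc2 203.0.113.7 FAIL
2024-05-01T10:00:35 svc1 203.0.113.7 FAIL
2024-05-01T10:00:40 svc2 203.0.113.7 FAIL
2024-05-01T10:00:45 svc3 203.0.113.7 FAIL
2024-05-01T10:01:00 admin 10.0.0.5 FAIL
2024-05-01T10:01:30 admin 10.0.0.5 FAIL
2024-05-01T10:02:00 admin 10.0.0.5 FAIL
2024-05-01T10:02:30 admin 10.0.0.5 FAIL
2024-05-01T10:03:00 admin 10.0.0.5 FAIL
2024-05-01T10:04:00 ops 10.0.0.9 FAIL
2024-05-01T10:04:10 ops 10.0.0.9 FAIL
2024-05-01T10:04:20 ops 10.0.0.9 FAIL
2024-05-01T10:04:30 ops 10.0.0.9 SUCCESS
2024-05-01T10:04:40 ops 10.0.0.9 FAIL
2024-05-01T10:04:50 ops 10.0.0.9 FAIL
2024-05-01T10:05:00 ops 10.0.0.9 FAIL
"""


def parse_line(line):
    timestamp, user, ip, result = line.split()
    return datetime.fromisoformat(timestamp), user, ip, result


def detect(lines, lockout_threshold=ACCOUNT_LOCKOUT_THRESHOLD):
    """Replay logon records in order and return (locked_accounts, blocked_ips).

    Accounts lock after `lockout_threshold` consecutive failures (a success
    resets the count). IPs are judged on a sliding window: only failures less
    than IP_WINDOW old are counted, so slow guessing never trips the IP rule.
    """
    consecutive_failures = defaultdict(int)
    recent_failures = defaultdict(deque)  # per-IP failure timestamps inside the window
    locked, blocked = [], []
    for line in lines:
        ts, user, ip, result = parse_line(line)
        if result == "SUCCESS":
            if user not in locked:  # a locked account stays locked
                consecutive_failures[user] = 0
            continue
        consecutive_failures[user] += 1
        if consecutive_failures[user] >= lockout_threshold and user not in locked:
            locked.append(user)
        window = recent_failures[ip]
        window.append(ts)
        while ts - window[0] >= IP_WINDOW:  # drop failures that fell out of the window
            window.popleft()
        if len(window) >= IP_FAILURE_THRESHOLD and ip not in blocked:
            blocked.append(ip)
    return locked, blocked


if __name__ == "__main__":
    print(detect(SAMPLE_LOG.splitlines()))
```

In the sample, 203.0.113.7 spreads ten failures across three accounts in 45 seconds, so no single account reaches the lockout count but the IP rule fires; admin fails five times two minutes apart, so the account locks while the IP never has ten failures inside one window. That is the point of having both rules: one catches password spraying across accounts, the other catches a sustained attempt against one account.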


Queries Page

Queries is a new category introduced in the Server settings page. Use the Queries page to set the maximum number of elements that display in the following chart types:

  • Single-Line Chart

  • Bar Chart

  • Stacked Bar Chart

  • Single Group Summary Table

  • Bubble Chart

A higher number of elements may affect query and chart performance. The maximum limit can be set up to 2000 for any of the chart types.

Email Encryption

Email Encryption (TLS support) is a new setting on the Email Server page in the Server Settings.

  • Provides the secure channel (SMTP over TLS) for email support in ePO

  • Allows you to enable/disable the TLS support

  • When you enable this option, the port number in SMTP server port updates from an existing port number to 587

Server Information

The Server Information Settings page specifies Java, OpenSSL, and Apache server information for the ePO and database server, such as name, IP address, and version information. You can export the Server Information page details to a CSV file.

Personal Settings

Personal Settings in the ePO console allows you to customize the ePO server to your environmental needs.

To configure Personal Settings, go to Menu > Configuration > Personal Settings.

In Personal Settings, you can modify items such as:

  • Appearance: Provides the ability to change the display color of a selected entry in the console

  • Password: This option is no longer available from within Personal Settings; see the “Change Password” entry under the Help icon on the banner bar

  • Queries and Reports Warning: Determines whether a warning message appears when you try to drag a query from one query group to another

  • System Tree Settings: Determines whether a warning message appears when you try to drag systems or groups from one System Tree group to another. Enable auto-expand (default) of System Tree nodes when moving one system to another.

  • Tables: Identifies how often auto-refreshed tables are refreshed during your session

  • Time Zone Preference: Provides the ability to set the desired time zone for your ePO server

  • User Session: Controls the length of time that your user session remains open after you stop interacting with the user interface


Registered Servers

Various types of additional servers in a customer environment can be registered in the ePO server, allowing you to integrate ePO with other external servers. To configure these external servers, go to Menu > Configuration > Registered Servers.

Registered servers are servers that work with your ePO server to support or add functionality. When you install ePO for the first time, no other servers are registered with your ePO server.

Click New Server to create a new registered server, or click Action to delete or edit an existing registered server. You can register several types of servers with your main ePO server, including:

  • LDAP servers: Registering this type of server allows you to use Policy Assignment rules, to dynamically enable assigned permission sets, and to enable Active Directory (AD) User Login. Active Directory servers are an example of LDAP servers; they can be used to synchronize and import systems from AD into the ePO System Tree.

  • Other ePO servers: Registering this type of server allows you to collect or aggregate data or transfer managed systems between the registered servers.

  • SNMP servers: Registering this type of server tells ePO where to send SNMP traps so that the server can receive the trap information.

  • Syslog servers: Registering this type of server allows ePO to forward events received from clients to the syslog server.

  • Additional, remote, database servers: Registering this type of server allows you to retrieve data from the database in queries, reports, dashboard monitors, and server tasks.



Agent Handlers

What are Agent Handlers?

Agent Handlers are an ePO server component that handles communication between agents and the ePO server; they are managed from Menu > Configuration > Agent Handlers. Each installation of ePO includes an Agent Handler. Agent Handlers can be deployed independently on systems throughout your network, but these systems should be on the same network as the ePO server and not on a remote network across a WAN link.

  • By default, the ePO server acts as an Agent Handler.

  • Agent Handlers help offload demand from the ePO server.

  • They can help scale the ePO infrastructure and reduce the load on the ePO server.

  • They can take care of all the ASCI communication.

How Agent Handlers Work

Managed system is assigned to Agent Handler

Agent Handlers distribute the network traffic generated by agent-to-server communication intervals (ASCI) by assigning managed systems or groups of systems to report to a specific Agent Handler. You can assign a single system or groups of systems, and you can assign distinct groups to different Agent Handlers.

System performs regular ASCI

After assignment, a managed system performs its regular agent-server communication with its Agent Handler instead of with the main ePO server. As with the ePO server, communication between agents and Agent Handlers uses the industry-standard Transport Layer Security (TLS) protocol for secure network transmission.

Agent pulls necessary files and information from its Agent Handler

The Agent Handler provides updated sitelists, policies, and policy assignment rules to clients. The handler also supplies repository content to clients configured to update from the master repository. The agent handler on the ePO server provides the content directly; additional agent handlers cache files from the main repository as clients request them. When an agent requests content from its handler, if the handler does not have the files needed, the handler retrieves them from the Main Repository and passes them to the agent. The files are cached on the additional agent handler so that subsequent requests for the same file do not require additional traffic from the Main Repository.

Repositories
  • By default, requested repository files are cached in C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\RepoCache directory on the ePO server or remote Agent Handler.

  • The primary ePO server (i.e., the system that has the ePO Application Server service installed) hosts the Main Repository.

  • Agent Handlers transparently handle requests for software and cache the required files after downloading from the main repository.

  • No configuration is necessary.

Data Channel
  • API extension for Trellix products integration

  • Mechanism for Trellix products to exchange messages between their endpoint plugins and their management extensions

  • Agent properties, tagging, and policy computation performed directly against database

Logical ePO Infrastructure

An Agent Handler is installed as a part of the primary ePO server. This is sufficient for many small ePO installations. For larger and more complex networks, you can distribute services across the network by installing additional Agent Handlers.

  • These additional Agent Handlers co-exist within a single logical ePO infrastructure.

  • You can deploy Agent Handlers on separate hardware or virtual machines that coexist within a single logical ePO infrastructure.

  • An Agent Handler installation includes only the Trellix ePO Server service (Apache Server) and Trellix ePO Event Parser service.

    • The Trellix ePO Server service communicates with the Trellix Agent, receives updated events and properties from the agents, and sends updated policies and tasks as assigned by administrators in the ePO console.

    • The Trellix ePO Event Parser service receives events from the Trellix ePO Server service, which in turn receives them from the clients.

Agent Handler Requirements

Agent Handlers can be installed on virtual infrastructure systems, such as VMware ESX.

Their hardware and software requirements and CPU load are approximately the same as an ePO server.

Important Notes

  • Agent Handlers (AH) are NOT a solution to low bandwidth.

  • An additional Agent Handler with low bandwidth to the SQL server has WORSE performance than just having agents connect to the ePO server.

  • A single Agent Handler with a poor connection to SQL will have a massive performance impact on the whole ePO infrastructure, not just the clients it is handling.

    • When one AH is interacting with the database, the other AHs are locked out. The AH with the poor connection locks the database for large amounts of time, preventing the other AHs from working.

  • Agent Handlers MUST have a high-speed connection to the SQL server and a stable connection to the SQL server database.

  • If the database serving the ePO server is under heavy load, adding Agent Handlers will not help.

  • You may need to upgrade your SQL server hardware to take advantage of multiple Agent Handlers.

  • Agent Handlers should be co-located with the SQL server and never installed in “remote” locations.

Required Ports

Installing the Agent Handler server hardware, software, and configuring the firewall ports are the first steps before using ePO to manage systems behind a DMZ.

  1. Build the Agent Handler server hardware with the Microsoft Windows server Operating System.

  2. In the DMZ of your firewall protected network, install the Agent Handler server hardware and Microsoft Windows server operating system.

  3. Configure your Domain Name System (DNS) server so that the Agent Handler server is resolvable from the internal ePO network.

  4. Configure these ports on the internal-facing firewall to communicate between the ePO server and the Agent Handler in DMZ:

    1. Port 80 — Bidirectional

    2. Port 8443 — Bidirectional

    3. Port 8444 — Bidirectional

    4. Port 443 — Bidirectional

  5. Optional: If your SQL database is installed on a different server than your ePO server, configure these two ports on the internal-facing firewall to connect to the Agent Handler:

    1. Port 1433 TCP — Bidirectional

    2. Port 1434 UDP — Bidirectional

  6. Configure these ports on the public-facing firewall to communicate between the ePO server and the Agent Handler in the DMZ:

    1. Port 80 TCP — Inbound

    2. Port 443 TCP — Inbound

    3. Port 8081 TCP — Inbound

    4. Port 8082 UDP — Inbound

Now you have installed your Agent Handler hardware and server operating system in the DMZ. Plus, you configured all ports to connect through the firewall, between the ePO server and database to the Agent Handler server.
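Once the rules are in place, the practical next step is to verify that the firewall actually holds every required entry and nothing beyond it. The following is an added example, not code from the course or from Trellix, that encodes the port lists from steps 4 to 6 and compares them against a constructed snapshot of the current rules. Step 4 does not state a protocol for ports 80, 8443, 8444 and 443, so TCP is assumed; the rule tuples, the "configured" snapshots and the `audit` helper are all constructed for this example.

```python
# Rules listed on the page as (protocol, port, direction). Step 4 names no
# protocol for ports 80, 8443, 8444 and 443; TCP is assumed here.
INTERNAL_REQUIRED = [
    ("tcp", 80, "bidirectional"),
    ("tcp", 8443, "bidirectional"),
    ("tcp", 8444, "bidirectional"),
    ("tcp", 443, "bidirectional"),
]
INTERNAL_SQL_OPTIONAL = [  # only when SQL runs on a server separate from ePO
    ("tcp", 1433, "bidirectional"),
    ("udp", 1434, "bidirectional"),
]
PUBLIC_REQUIRED = [
    ("tcp", 80, "inbound"),
    ("tcp", 443, "inbound"),
    ("tcp", 8081, "inbound"),
    ("udp", 8082, "inbound"),
]


def expand(rules):
    """Normalise rules to one-way (protocol, port, direction) entries.

    A firewall stores 'bidirectional' as two separate one-way rules, so the
    comparison is done at that level to catch a missing half.
    """
    one_way = set()
    for protocol, port, direction in rules:
        directions = ("inbound", "outbound") if direction == "bidirectional" else (direction,)
        for d in directions:
            one_way.add((protocol.lower(), int(port), d))
    return one_way


def missing_rules(required, configured):
    """Required one-way rules that the firewall does not currently have."""
    return sorted(expand(required) - expand(configured))


def extra_rules(required, configured):
    """One-way rules present beyond the required list: exposure to review, not necessarily wrong."""
    return sorted(expand(configured) - expand(required))


def audit(required, configured):
    """Both gap lists from one call."""
    return {"missing": missing_rules(required, configured),
            "extra": extra_rules(required, configured)}


# Constructed snapshot of what the two firewalls currently allow; not real exported rules.
INTERNAL_CONFIGURED = [
    ("TCP", 80, "bidirectional"),
    ("TCP", 443, "bidirectional"),
    ("TCP", 8443, "bidirectional"),
    ("TCP", 8444, "inbound"),        # the outbound half was never added
    ("TCP", 1433, "bidirectional"),  # 1434/UDP (SQL Server Browser) was forgotten
]
PUBLIC_CONFIGURED = PUBLIC_REQUIRED + [("tcp", 3389, "inbound")]  # RDP left open from build time


if __name__ == "__main__":
    print("internal:", audit(INTERNAL_REQUIRED + INTERNAL_SQL_OPTIONAL, INTERNAL_CONFIGURED))
    print("public:", audit(PUBLIC_REQUIRED, PUBLIC_CONFIGURED))
```

Comparing at the one-way level is what surfaces the half-configured 8444 rule; a checker that compares "bidirectional" as a single token would report it as present. The `extra` list is worth running against the public-facing firewall in particular, because an Agent Handler in the DMZ should expose only the four inbound ports the page lists.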

Agent Handler Deployment

The figure below shows the workflow for an Agent Handler deployment.

Updating the ePO Server and the Agent Handlers

The ePO server and the Agent Handler must be at the same patch level. The Agent Handler checks the database version every 30 seconds and disables itself if a different schema is found.

Configuring Agent Handlers

After the installation is complete, your next step is to set up Agent Handlers in your network and assign Trellix Agents to them. Agent Handler management is performed from the Agent Handlers page (Menu > Configuration > Agent Handlers).

Tasks

  • Create Agent Handler groups

  • Manage Agent Handler groups

  • Assign Trellix Agents to Agent Handlers

  • Manage Agent Handler assignments

  • Move agents between handlers

Agent Handlers Page


The Agent Handlers page consists of four monitors:

  1. Handler Status: Specifies the number of active and out-of-date handlers

  2. Systems per Agent Handler: Specifies the number of agents assigned to each Agent Handler

  3. Handler Groups: Specifies the number of Agent Handler groups that the ePO server manages

  4. Handler Assignment Rules: Displays the list of Agent Handler assignments in your environment, their priority, and details about rule settings

Click the active areas in each monitor to drill down and view more details about the systems informing each monitor.

The actions available on the Agent Handler Confirmation page are grouped as follows. At the top of the page:

  • New Assignment: Opens the Agent Handler Assignment page. Use this to create a new Agent Handler Assignment

  • Edit Priority: Opens the Edit Priority page. Use this page to change priority of the Agent Handler Assignments

By using the Actions Button in the Handler Assignment Rules window:

  • Import: Imports a previously exported Agent Handler Assignment list

  • Export: Opens the Download Agent Handler Assignment page. Use this to download an xml file containing the Agent Handler Assignment list

Handler Assignment Rules row actions: the actions you can perform on selected Agent Handler assignments, including:

  • To Edit: Click the blue hyperlink Assignment name to open the Edit Assignment page. Use this to edit the settings of the selected Agent Handler Assignment

  • Delete: Deletes the selected agent

Certificate Manager

As discussed in the previous lesson, the Certificate Manager (Menu > Configuration > Certificate Manager) is another part of the basic server configuration. The latest certificates are loaded by default with a fresh installation of ePO, but if you have upgraded from an older version of ePO, ensure you migrate the ePO certificates to the latest hash algorithm.


The Certificate Manager allows you to:

  • Migrate certificates signed with an older signing algorithm to a newer one, such as from SHA-1 to SHA-256

  • Regenerate your certificates when your existing certificates are compromised due to vulnerabilities in your environment

  • Migrate or regenerate certificates for managed products that are derived from ePO root CA

Registered Executables

The registered executables you configure (Menu > Configuration > Registered Executables) are run when the conditions of a rule are met. Automatic Responses trigger the registered executable command to run.


  • You can only run registered executable commands on console applications.

  • You must be on the local server system when adding or editing a registered executable in the ePO console.

See the Registered Servers section in the ePO 5.10 Product Guide for additional details on registering servers in ePO.

See KB66797 for additional information regarding ePO port requirements for firewall traffic.
