Topic: How to enable Artemis Technology in VirusScan Enterprise (8.5i and 8.7i)

[Triden]

By default, Artemis Technology is disabled in VirusScan Enterprise (VSE).

VSE 8.5i and 8.7i are capable of utilizing Artemis Technology. This technology is not supported for earlier versions of VSE.

Details for each version are explained in this article, including:

    * How to enable Artemis for VSE 8.5i and 8.7i
    * How to leverage reporting features to verify that Artemis is enabled across your enterprise
    * Other related information

The KnowledgeBase article: KB50192 references SuperDATs. There are links in the "Related Information" section for more information on SuperDATs.

Video Tutorial
NOTE: Adobe Flash Player is required. For further details, go to: http://www.adobe.com/products/flashplayer/

To view a list of tutorials, go to the McAfee ServicePortal at http://mysupport.mcafee.com/Eservice/Default.aspx and click View Tutorials.

To view this tutorial, see:

TU30131 - McAfee Artemis Technology in VirusScan Enterprise
Solution 1
VirusScan Enteprise 8.7i
Artemis settings can be managed either locally or via ePolicy Orchestrator (ePO) for On-Demand scanning and On-Delivery Email scanning. This is shown in the respective user interface as Heuristic network check for suspicious files. With Patch 1 and later, you can also manage Artemis settings for On-Access scanning.


VSE 8.7i (unpatched) and earlier
For On-Access scanning, the feature can be enabled via a SuperDAT package (a self-executing script) attached to this article. The SuperDAT package will enable and set the Artemis Technology to the required sensitivity level for VSE 8.7i On-Access scanning. This package can also be distributed via ePolicy Orchestrator (see article KB50192).
 
NOTE: For systems running VSE 8.5i, the same SuperDAT package also applies settings to the same sensitivity level for On-Access, On-Demand, and On-Delivery email scanning.
 
Reporting of Artemis settings is not possible prior to Patch 1.
 

VSE 8.7i Patch 1 and later
The release of VSE 8.7i Patch 1 (expected Release To Support: end of April 2009, release for General Availability: end of May 2009) includes updated manageability and reporting capability with respect to the Artemis Technology:

    * Updated manageability means you will be able to configure the desired sensitivity level (Heuristic network check for suspicious files) for the On-Access Scanner. This is in addition to configuring the setting for On-Demand and Email Scanners. SuperDAT packages will no longer be required for managing Artemis for 8.7i Patch 1 and later.
      
    * Reporting capability means the three scanners (On-Access, On-Demand, On-Delivery Email) will have their Artemis Technology sensitivity level captured during property collection and reported back to the ePO database, and viewable in reports that show Artemis coverage for the ePO managed environment.

Solution 2
VirusScan Enterprise 8.5i
This version does not contain user interface options for configuring the Artemis Technology, locally or via ePO. Artemis Technology can be enabled with a SuperDAT package (a self-executing script) attached at the bottom of this article. This package can also be distributed via ePolicy Orchestrator.
 


To deploy SDAT packages via ePolicy Orchestrator

    * ePolicy Orchestrator 4.0

      Refer to the ePolicy Orchestrator (ePO) Product Guide (PD20053) for information on how to check in software to your repository.

      NOTE: The package type in this case is a SuperDAT, rather than Product or Extra.DAT.

      Example:
         1. Logon to the ePO console and click Software.
         2. Click Check in Package and select Super DAT (.EXE).
         3. Browse to locate the Artemis SuperDAT package you want to distribute.
         4. Click Next and finish the remainder of the check-in wizard.
            The SuperDAT is retrieved by clients on their next update.

            
    * ePolicy Orchestrator 3.6.1

      Ensure you have installed the latest Patch available for ePolicy Orchestrator 3.6.1. Not doing so causes SuperDAT packages to fail.


      For downloading products, Service Packs, Patches, hotfixes or documentation:
      Visit the McAfee website (http://www.mcafee.com). For instructions, see KnowledgeBase document KB54808.

      For downloading Patches only:
      Visit the McAfee ServicePortal (https://mysupport.mcafee.com). For instructions, see KnowledgeBase document KB56057.



      Refer to the ePolicy Orchestrator (ePO) Product Guide (PD20044) for information on how to check software into your repository.

      NOTE: The package type in this case is a SuperDAT, rather than Product or Extra.DAT.

      Example:

         1. Log on to the ePO console and click  the Repository from the console tree.
         2. In the details pane under Autoupdate Tasks, click Check in package.
         3. The check-in package wizard is launched.
         4. Click Next and select the package type SuperDAT.
         5. Click Next and locate the Artemis SuperDAT package you want to distribute.
         6. Click Next and finish the remainder of the check-in wizard.

            

The SuperDAT package enables and sets the Artemis Technology to the desired sensitivity level of VSE 8.5i for On-Access scanning, On-Demand scanning, and On-Delivery Email scanning. There are currently no plans to build user interface options for enabling and configuring Artemis for this version of VSE.
 
NOTE: If VSE 8.7i is also in the environment, the package enables and sets the Artemis Technology for the On-Access scanner to the same level.


VSE 8.5i Patch 7 and earlier
The SuperDAT package will enable Artemis Technology for any installed version of VirusScan Enterprise 8.5i, regardless of Patch level. Reporting of Artemis settings is not possible prior to Patch 8 however.


VSE 8.5i Patch 8 and later
The release of VSE 8.5i Patch 8 added reporting capability of the Artemis Technology. This release does not include updated manageability via ePolicy Orchestrator as VSE 8.5i will continue to rely on SuperDAT packages to manage Artemis settings.

    * Reporting capability means the three scanners (On-Access, On-Demand, On-Delivery Email) have their Artemis Technology sensitivity level captured during property collection and reported back to the ePO database, and viewable in reports that show Artemis coverage for the ePO managed environment.

Solution 3
ePolicy Orchestrator
When checking in packages to ePolicy Orchestrator (ePO), there are three options; Current, Previous and Evaluation. The default is for all clients to use Current . To stage rollouts, you can assign a group of computers to update from evaluation. You can then check in the SuperDAT as evaluation.

NOTE: You can only roll out Artemis Technology to VSE 8.7i and later using ePO 3.6 or later. Rollouts to VSE 8.5i and earlier using ePO are not supported.
 
 
To enable Artemis Technology in VSE 8.7i using ePO 4.0:
 
On-Delivery Email Scan policy:

   1. Launch ePO and click the Systems tab.
   2. Click the Policy Catalog tab and select VirusScan Enterprise 8.7.0 On Delivery Email Scan Policy.
   3. Select to edit the policy for Server or Workstation.
   4. Select the Scan Items tab and under Heuristic network check for suspicious files, select the Sensitivity level.
   5. Save the policy.

On-Demand Scan task:

   1. Launch ePO and click the Systems tab.
   2. Click the System Tree tab, the Client Tasks tab and click New Task.
   3. Type a new name and select the On Demand Scan (VirusScan Enterprise 8.7.0) task type.
   4. Click Next and select the Performance tab.
   5. Under Heuristic network check for suspicious files, select the Sensitivity level.
   6. To schedule the task to run, click Next.
   7. To review and save the task, click Next.

On-Access Scan policy (Patch 1 for VSE 8.7i required):

   1. Launch ePO and click the Systems tab.
   2. Click the Policy Catalog tab and select VirusScan Enterprise 8.7.0 On Access Scan Policy.
   3. Select to edit the policy for Server or Workstation.
   4. Select the Scan Items tab and under Heuristic network check for suspicious files, select the Sensitivity level.
   5. Save the policy.


To enable Artemis Technology  in VSE 8.7i using ePO 3.6.1:

On-Delivery Email Scan policy:

   1. Launch ePO and from the ePO directory structure, select the Policies tab.
   2. For the On Delivery Email Scan policy, click Edit.
      If one does not exist; click New Policy type a new name and click OK.
   3. To edit a Policy, click the relevant Policy Name.
   4. Select to edit the policy for Server or Workstation.
   5. Select the Detection tab and under Heuristic network check for suspicious files, select the Sensitivity level.
   6. Save the policy.

On-Demand Scan policy:

   1.
      From the ePO directory structure, select the Tasks tab, then right-click Schedule Task.
   2.
      Type a new task name, select VirusScan Enterprise 8.7 On Demand Scan task, and click OK.
   3.
      Right-click the task and select Edit Task.
   4.
      Click Settings, select the Advanced tab and verify the Inherit check box has not been selected.
   5.
      Under Heuristic network check for suspicious files, select the desired Sensitivity level.
   6.
      Click OK, and OK again.

On-Access Scan policy (Patch 1 for VSE 8.7i required):

   1. Launch ePO and from the ePO directory structure, select the Policies tab.
   2. For the On Access Scan policy, click Edit.
      If one does not exist; click New Policy type a new name and click OK.
   3. To edit a Policy, click the relevant Policy Name.
   4. Select to edit the policy for Server or Workstation.
   5. Select the Detection tab and under Heuristic network check for suspicious files, select the Sensitivity level.
   6. Save the policy.

Solution 4
To configure Artemis settings in VSE 8.7i locally:

On-Demand Scan policy:

   1. Click Start, Programs, McAfee, VirusScan Console.
   2.
      Double-click On-Demand Scan. If necessary, select the Performance tab.
   3.
      Under Heuristic network check for suspicious files, set the desired Sensitivity level.
   4.
      Click OK.

On-Delivery Email Scan policy:

   1.
      Click Start, Programs, McAfee, VirusScan Console.
   2.
      Double-click On-Delivery Email Scan If necessary, select the Scan Items tab.
   3.
      Under Heuristic network check for suspicious files, set the desired Sensitivity level.
   4.
      Click OK.

On-Access Scan policy (Patch 1 for VSE 8.7i required):

   1.
      Click Start, Programs, McAfee, VirusScan Console.
   2.
      Double-click On-Access Scan If necessary, select the Scan Items tab.
   3.
      Under Heuristic network check for suspicious files, set the desired Sensitivity level.
   4.
      Click OK.

The Superdat ZIP can be found at the bottom of the KB page linked below.

https://kc.mcafee.com/corporate/index?page=content&id=KB53732

and here http://www.megaupload.com/?d=0VMXI7J4

[Samker]

Thanks T., very good Tip... 

[mindfrost82]

I just saw this as well.  I wonder how well it really works.  I have almost every Access Protection rule enabled, but it blocks lots of things and its a pain to turn it off every time.  If this works good, then I would go back to Standard Protection and let this thing do its job.  Anyone try it yet?

[Samker]

I was test this version for few days...

It was downgrade my McAfee Scan Engine to some 5300+ version and I don't notice any problem.

Now I again use version 5400: http://scforum.info/index.php/topic,2865.0.html

[dave]

tnx

[b_gates]

thanxxxxxxxxxx

[stations]

nice info... i like.

[xtremeboyz]

 

[tuyugi007]

I know thxx you

[amitraina]

thnks for this