COPYRIGHT
Copyright 2012 McAfee, Inc. Do not copy without permission.
TRADEMARKS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,
McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,
McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,
TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States
and other countries. Other names and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR
A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS
SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Contents
Introducing McAfee Vulnerability Manager
Audience
Process overview
McAfee Vulnerability Manager architecture
How the pieces fit together
Installing and configuring McAfee Vulnerability Manager on a single server
Creating your first vulnerability scan and report
Post-installation activities
Back up the SQL server database using SQL Server Management Studio
Backing up the Windows registry
Upgrading Microsoft SQL Server 2000
Microsoft SQL server 2005 installation settings
Changing the Microsoft SQL memory settings
Microsoft SQL server 2008 and 2008 R2 installation features
Restoring the Windows registry
Restoring the McAfee Vulnerability Manager database
Upgrading from a previous version
Merging the config.ini and php.ini files
Starting and stopping the SQL server database
Rerunning scans
Microsoft Windows Server 2003 upgrade support
Upgrading appliances
Installation checklist
These are the basic steps for preparing your network and installing McAfee Vulnerability Manager 7.5.
Each step is explained in further detail later in this guide.
Upgrade instructions
For users who are upgrading from a previous version of the product, follow the instructions in
Upgrading to McAfee Vulnerability Manager 7.5 (on page 63).
Custom installation
For users who want to install McAfee Vulnerability Manager on more than one server. This
installation process requires some planning and configuration for proper installation.
Scope out the size and shape of your network. Take special note of geographic challenges and
firewalls.
Determine which deployment architecture to use, based on the size and accessibility of the
network. If a scan engine needs to access the entire network, are there any barriers?
Using the system requirements guidelines for your chosen architecture, acquire systems and
software to host the McAfee Vulnerability Manager servers.
For details about pre-installation planning, see Before you install McAfee Vulnerability Manager (on page
31).
Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in
the host name.
Install Microsoft SQL Server (see "Preparing the database server" on page 32) and its latest
service pack on the database server. Make sure that it is fully functional, and that the system
administrator (SA) password is available.
On the web server, install Microsoft IIS Web Server (see "Preparing the web server" on page 35)
and its latest security patches.
For details about preparing your servers, see System component preparation (on page 32).
Run the McAfee Vulnerability Manager 7.5 installation program on each server.
For more information, see How to install McAfee Vulnerability Manager 7.5 (see "McAfee Vulnerability
Manager 7.5 installation" on page 35).
On one scan engine, run the McAfee Vulnerability Manager 7.5 update program (see "McAfee
Vulnerability Manager Update" on page 51) to get the latest vulnerability updates. This updates
the database and any other scan engines connected to it.
Register McAfee Vulnerability Manager 7.5 to activate it (see "Register McAfee Vulnerability
Manager 7.5" on page 56). You have 60 days to use McAfee Vulnerability Manager 7.5 before the
product ceases to function.
Harden your servers (see "Hardening your servers" on page 61) to comply with your organization's
security policies.
Maintain your database with regular backups and updated statistics to keep it running at optimal
performance.
For more information, see Configuring your servers (on page 51).
Enterprise manager: Uses Microsoft Internet Information Services (IIS) to provide authorized
users with access to McAfee Vulnerability Manager through their web browsers. It allows them to
manage and run the product from anywhere on the network. Access is protected by user
identification and authentication. Set up Secure Socket Layers (SSL) through the web server to
provide encrypted communication to browsers.
Scan engine: Scans the network environment. Depending on the logistics and size of your
network, you might need more than one scan engine to scan the network.
Scan controller: Provides the communication between the scan engine and the database. Most
network environments only need one scan controller. For a large network (class A) or segmented
network (WAN), use multiple scan controllers.
Database: The data repository for the product. It uses Microsoft SQL Server to store everything
from scan settings and results to user accounts and scan engine settings. It contains all of the
information needed to track organizations and workgroups, manage users and groups, run scans,
and generate reports.
API server: Provides the communication between the enterprise manager and the database.
Notification service: Provides SNMP and email (SMTP) notification messages for integration
with third-party help desk management systems and email servers.
Data synchronization service: Gathers information from McAfee ePO databases, LDAP servers,
and other McAfee Vulnerability Manager 7.5 databases. For McAfee ePO databases, it provides
data to the product for host and OS identification. For LDAP servers, it provides assets you can
add to scan configurations. For other McAfee Vulnerability Manager databases, it provides scan
data.
Report engine: Generates scan-based and asset-based reports.
Configuration manager: Distributes initial certificates to the other product components and
manages the updates to the product components.
Web application scanner: Provides a scan configuration, vulnerability checks, and scan reports
for web applications. The web application scanner is a module that must be purchased.
Audience
This information is intended for network administrators responsible for installing and configuring
software on network servers.
After a product is released, information about the product is entered into the McAfee online
KnowledgeBase at http://mysupport.mcafee.com.
Table columns: Number of live IPs, Number of servers, Notes
Live IP ranges listed: 0 - 2,500; 2,500 - 10,000; 10,001 - 20,000; 20,001 - >100,000
Other network traffic (business-critical data/sessions). Any active scanning technology, such as
McAfee Vulnerability Manager, sends some amount of data to assets on the network. This is an
unavoidable consequence of any vulnerability scanning technology. McAfee Vulnerability Manager
provides robust and detailed controls that allow customers to optimize the scanning behavior and
speed of McAfee Vulnerability Manager. The product has default settings that have proved safe
and effective in most networks. However, no matter how McAfee Vulnerability Manager is
deployed and configured, you should always pay attention to network segments, WAN links,
firewalls, and so on, where particularly important data is passing. Consider a remote site that is
transmitting transactions from a website through a congested or slow WAN link during local
business hours. Since this system only operates during certain hours, you should configure scans
so that the environment is scanned while the web server is not processing transactions and not
relying on bandwidth on the WAN link.
Security or performance. When two product servers are used, McAfee recommends that you deploy
the enterprise manager on one system and the other product components on the second system.
This provides more security because the enterprise manager can be placed outside your firewall,
so users can access it, while the second system can be placed inside the firewall to gather
accurate data from scanned systems. However, having the scan engine and scan controller on the
same system as the database can slow performance, based on the amount of data being
processed. To improve performance when using two product servers, you could separate the scan
engine and scan controller from the database. For example: the enterprise manager, scan engine,
and scan controller on one system and the database and other McAfee Vulnerability Manager
components on the second system.
Requirement
Processor
Memory: 4 GB RAM
Disk space: 160 GB Partition
Dedicated system: Yes
Administrator account
McAfee Vulnerability Manager 7.5 Installation Guide
NTFS
Network card: Ethernet
The Foundstone Configuration Agent requires administrator rights to start and stop services. If
the logged in user does not have administrator rights, McAfee Vulnerability Manager might not
function properly.
Microsoft SQL Server
Microsoft SQL Server 2005 Service Pack 4 and later (32-bit and 64-bit)
Microsoft SQL Server 2008 Service Pack 1 and later (32-bit and 64-bit)
Microsoft SQL Server 2008 R2 Service Pack 1 and later (32-bit and 64-bit)
Microsoft SQL Server 2008 R2 Express Service Pack 1 and later (64-bit)
Also:
MDAC 2.8
Note: McAfee Vulnerability Manager does not support installing the database with .NET 4.0. If you
must use .NET 4.0, install the database first.
Note: If you change the network settings on the server running the scan engine, the system should
be restarted or the scan components must be restarted.
Operating system requirements for all McAfee Vulnerability Manager 7.5 servers
Windows Server 2008 R2, without a service pack, or with Service Pack 1 or later. McAfee
Vulnerability Manager only supports English operating systems.
The Foundstone Configuration Agent requires administrator rights to start and stop services. If the
logged in user does not have administrator rights, McAfee Vulnerability Manager might not
function properly.
Note: To ensure scan accuracy and device communication, McAfee recommends specifying a static IP
address.
Note: McAfee Vulnerability Manager components require an Internet Protocol version 4 (IPv4)
address to properly communicate. Systems running product components must have an IPv4 address
and can have an IPv6 address to facilitate scanning IPv6 targets.
Requirement
Processor
Memory: 4 GB RAM
Disk space: 80 GB Partition
Additional software: IIS 7.5; Current IIS security patches; World Wide Web Publishing must be running
Dedicated system: Yes
Administrator account
NTFS
Network card: Ethernet
Requirement
Processor
Disk space: 160 GB Partition
Tip: 250 GB of disk space is recommended for large networks.
Memory: 4 GB
Additional software
Also:
All SQL hotfixes and patches
All .NET hotfixes and patches
Yes
Virtual memory: 4 GB minimum
NTFS
900 MB
Network card: Ethernet
When the database is the only component on the system, set the Maximum SQL memory to 1.4
GB.
When the database and the Report Server are both running on the same system, use 900 MB.
When the database and the scan engine are both running on the same system, use 750 MB.
Note: McAfee Vulnerability Manager does not support installing the database with .NET 4.0. If you
must use .NET 4.0, install the database first.
Requirements
Processor
Memory: 4 GB RAM
Disk space: 80 GB Partition
Additional software: MDAC 2.8
Dedicated system
Virtual memory: 4 GB minimum
NTFS
Required services
Network card: Ethernet
Note: Microsoft Windows does not allow the hostname and user name to be the same. Do not use
FS as the hostname for the system running the scan engine.
Note: If you change the network settings on the server running the scan engine, the system should
be restarted or the scan components must be restarted.
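
The host-level constraints stated in this guide's notes (no underscore in the host name, a host name other than FS on a scan engine, an English operating system, an IPv4 address with a static address recommended, NTFS, administrator rights, World Wide Web Publishing running on the web server) can be checked before the installer is run. The script below is an added example, not part of the McAfee guide or product; `Test-MvmHostPrereq` and `New-Check` are hypothetical names, and checking NTFS on the system drive is an assumption.

```powershell
# Added example (not McAfee code). Test-MvmHostPrereq and New-Check are hypothetical names.
# Uses WMI so it also runs on the PowerShell 2.0 that ships with Windows Server 2008 R2.

function New-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = $Passed; Detail = $Detail } |
        Select-Object Check, Passed, Detail
}

function Test-MvmHostPrereq {
    param(
        [string]$HostName = $env:COMPUTERNAME,
        [switch]$ScanEngine,   # this server will run the scan engine
        [switch]$WebServer     # this server will run the enterprise manager (IIS)
    )

    # Guide: installation on a system with an underscore in the host name is not supported.
    New-Check 'Host name has no underscore' ($HostName -notmatch '_') $HostName

    if ($ScanEngine) {
        # Guide: an FS account is reserved for the scan engine, and Windows does not
        # allow the host name and a user name to be the same.
        New-Check 'Host name is not FS' ($HostName -ne 'FS') $HostName
    }

    # Guide: the Foundstone Configuration Agent needs administrator rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Check 'Running with administrator rights' $isAdmin $identity.Name

    # Guide: only English operating systems are supported.
    # The low 10 bits of the language ID are the primary language; 9 is English.
    $os = Get-WmiObject Win32_OperatingSystem
    $primaryLanguage = $os.OSLanguage -band 0x3FF
    New-Check 'English operating system' ($primaryLanguage -eq 9) "OSLanguage=$($os.OSLanguage)"

    # Guide: components need an IPv4 address; a static address is recommended.
    $ipv4Pattern = '^\d{1,3}(\.\d{1,3}){3}$'
    $adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
    $withIPv4 = @($adapters | Where-Object { @($_.IPAddress) -match $ipv4Pattern })
    $static   = @($withIPv4 | Where-Object { -not $_.DHCPEnabled })
    $allAddresses    = ($withIPv4 | ForEach-Object { $_.IPAddress }) -join ', '
    $staticAddresses = ($static   | ForEach-Object { $_.IPAddress }) -join ', '
    New-Check 'IPv4 address present' ($withIPv4.Count -gt 0) $allAddresses
    New-Check 'Static IPv4 address (recommended)' ($static.Count -gt 0) $staticAddresses

    # Guide: the requirement tables list NTFS. Assumption: the system drive is checked.
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
    New-Check 'System drive is NTFS' ($disk.FileSystem -eq 'NTFS') "$($disk.DeviceID) $($disk.FileSystem)"

    if ($WebServer) {
        # Guide: World Wide Web Publishing must be running on the web server.
        $w3svc   = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
        $running = ($w3svc -ne $null) -and ($w3svc.Status -eq 'Running')
        New-Check 'World Wide Web Publishing service running' $running "$($w3svc.Status)"
    }
}

# Example: check a server that will host a scan engine.
Test-MvmHostPrereq -ScanEngine | Format-Table -AutoSize
```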
Requirements
Memory: 2 GB RAM
Disk space: 80 GB Partition
Additional software: MDAC 2.8; SQL Client Tools
Dedicated system: No
Network card: Ethernet
Note: The scan controller provides communication between the scan engines and the database.
Requirements
Memory: 1 GB RAM
Disk space: 80 GB Partition
Additional software: MDAC 2.8
Dedicated system: No
Network card: Ethernet
Requirements
Memory: 1 GB RAM
Disk space: 80 GB Partition
Additional software: MDAC 2.8
Dedicated system: No
Network card: Ethernet
Requirements
Memory: 1 GB RAM
Disk space: 80 GB Partition
Additional software: MDAC 2.8
Dedicated system: No
Network card: Ethernet
Note: To provide notifications through email, this server must have access to the email relay server
on your network.
Requirements
Memory: 1 GB RAM
Disk space: 80 GB Partition
Additional software: MDAC 2.8
Dedicated system: No
Network card: Ethernet
Requirements
Memory: 2 GB RAM
Disk space: 80 GB Partition
Additional software: MDAC 2.8
Dedicated system
Network card: Ethernet
Browser requirements
Depending on the network settings, authorized users can access McAfee Vulnerability Manager
through the web browser from anywhere.
If you are upgrading to McAfee Vulnerability Manager 7.5, users should clear their web browser cache
to ensure updated pages display properly.
Microsoft Internet Explorer 8.0 or 9.0 running on a Microsoft Windows operating system.
The recommended minimum screen resolution is 1024 x 768.
Note: Searching for vulnerabilities in large reports might take a long time to complete. Use
Microsoft Internet Explorer 9.0 for the best results.
McAfee recommendations
Install the latest service packs for your browser and operating system.
Disable third-party pop-up blockers, web filters, and other extensions because these products can
interfere with the ability to display certain pages in the enterprise manager.
Install the Trusted Site Certificate (page 62) for all users accessing the enterprise manager.
Turn off Display intranet sites in compatibility View.
Note: Large fonts are not supported in Internet Explorer.
Click OK.
Network requirements
McAfee Vulnerability Manager components use the network ports and protocols listed in the following
tables. If a firewall separates components, these ports and protocols must be opened in your firewall
configuration before you install McAfee Vulnerability Manager 7.5.
The network requirements diagrams use a distributed deployment architecture to display
communication paths. If you use a different deployment architecture, be sure to note which system is
running a McAfee Vulnerability Manager component, and use the port number and communication
path specified in the communication path tables.
The network requirements diagrams are separated into two groups: connecting McAfee Vulnerability
Manager components and connecting to external components. External components include other
databases, McAfee ePO databases, LDAP or Active Directory servers, and external ticketing or issue
management systems.
Title
Description
System 1 Enterprise
manager
Enterprise manager
System 3 Database*
Scan controller
API server
Scan engine
Data synchronization
service
Notification service
Database
Configuration manager
Report engine
Scan engine
Authenticated User
Assessment management
search results
Ports: 443 or 80
Port: 3800
API service
Port: 1433
(SSL over) TCP/IP
Scan data
Port: 1433
(SSL over) TCP/IP
Data synchronization
service**
Port: 1433
Notification service***
Port: 1433
Scan data
Port: 1433
(SSL over) TCP/IP
Report data
Port: 1433
(SSL over) TCP/IP
10
Generating reports or
Ports: 3802
changing report templates
REST over HTTPS or HTTP
11
Generated reports
Ports: 443 or 80
REST over HTTPS or HTTP
12
Ports: 443 or 80
HTTPS or HTTP
*Changing the location of the configuration manager requires a communication path between the
configuration manager and the database, using Port: 1433, (SSL over) TCP/IP.
**Changing the location of the data synchronization service changes the communication path(s)
displayed in this diagram.
***Changing the location of the notification service changes the communication path(s) displayed in
this diagram.
Note: All McAfee Vulnerability Manager components have an FCM Agent installed. The
communication between each FCM Agent and the configuration manager server is Port: 3801, (SSL
over) TCP/IP.
Title
Description
Notification service*
Scan controller
API server
Scan engine
Data synchronization
service
Notification service
Port: 162
SNMP
Notification service*
Port: 161
SNMP
Notification service*
Port: 25
SMTP
Data synchronization
service**
Port: 389
Data synchronization
service**
Port: 1433
LDAP
*Changing the location of the notification service changes the communication path(s) displayed in this
diagram.
**Changing the location of the data synchronization service changes the communication path(s)
displayed in this diagram.
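
When a firewall separates components, the TCP paths in the tables above can be verified from the server that initiates each connection. The script below is an added example, not part of the McAfee guide or product; the function names and the `example.test` host names are placeholders, and the port numbers are the ones listed on this page. It separates a port that answers, a port that refuses (traffic passes but nothing is listening yet, which is expected before installation), and a port that gives no response (typically filtered).

```powershell
# Added example (not McAfee code). Test-TcpPath and Test-MvmPaths are hypothetical names.
# Host names are placeholders; ports come from this guide's communication path tables.
# SNMP (ports 161 and 162) uses UDP, so a TCP connect cannot test it and it is left out.

function Test-TcpPath {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # No answer at all: the connection attempt was most likely dropped by a firewall.
            return 'NoResponse'
        }
        $client.EndConnect($pending)   # throws if the connection attempt failed
        return 'Open'
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to the underlying socket error.
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        if ($ex -is [System.Net.Sockets.SocketException] -and
            $ex.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            # The path is open but no service is listening. A firewall set to
            # reject rather than drop produces the same result.
            return 'Refused'
        }
        return "Error: $($ex.Message)"
    }
    finally {
        $client.Close()
    }
}

function Test-MvmPaths {
    param([hashtable[]]$Paths, [int]$TimeoutMs = 3000)
    foreach ($p in $Paths) {
        $state = Test-TcpPath -ComputerName $p.Target -Port $p.Port -TimeoutMs $TimeoutMs
        New-Object PSObject -Property @{
            Target = $p.Target; Port = $p.Port; Use = $p.Use; State = $state
        } | Select-Object Target, Port, Use, State
    }
}

# Placeholder targets: replace with the servers in your deployment architecture.
$paths = @(
    @{ Target = 'mvm-web.example.test'; Port = 443;  Use = 'Enterprise manager, HTTPS' },
    @{ Target = 'mvm-api.example.test'; Port = 3800; Use = 'API service' },
    @{ Target = 'mvm-db.example.test';  Port = 1433; Use = 'Database, (SSL over) TCP/IP' },
    @{ Target = 'mvm-cfg.example.test'; Port = 3801; Use = 'FCM Agent to configuration manager' },
    @{ Target = 'mvm-rpt.example.test'; Port = 3802; Use = 'Report engine, REST over HTTPS or HTTP' },
    @{ Target = 'mail.example.test';    Port = 25;   Use = 'Notification service, SMTP' },
    @{ Target = 'ldap.example.test';    Port = 389;  Use = 'Data synchronization service, LDAP' }
)

Test-MvmPaths -Paths $paths | Format-Table -AutoSize
```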
Deployment architectures
When installing McAfee Vulnerability Manager 7.5 components on multiple servers, use these general
guidelines to help determine the best setup for your network:
Dual-server architecture
This architecture is appropriate for small to medium (class C and class B) networks. The scan
controller, scan engine and the database are installed on the same server; the enterprise manager is
installed on its own server. This allows fast, efficient communication between the scan controller, scan
engine, and database while a dedicated server runs the enterprise manager interface for your users.
Web portal
Report engine
Scan controller
Scan engine
API server
Notification service
Data synchronization service
Database
Configuration Manager
Three-server architecture
This architecture is designed for large, global enterprises, and is appropriate for scanning multiple
class B and class A networks. In this configuration, all three components reside on individual servers.
Web portal
Scan controller
Scan engine
API server
Notification service
Data synchronization service
System 3: Database
Database
Report engine
Configuration manager
Web portal
System 2:
API server
Scan controller
Scan engine
API server
Notification service
Data synchronization
service
System 4:
Report server
Report engine
System 3:
Database
Database
Configuration manager
System 5:
Scan engine
Scan engine
An outline of the overall process necessary to conduct your first vulnerability scan
A high-level overview of the McAfee Vulnerability Manager architecture
How the pieces fit together
A checklist to help you install and configure McAfee Vulnerability Manager to run on a single
appliance
A checklist to help you conduct your first vulnerability scan and produce a report
Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in
the host name.
Audience
This chapter is designed for the new user installing McAfee Vulnerability Manager on a single server
(also known as Standard or an All-in-One). If you need to install McAfee Vulnerability Manager on
more than one server, review later chapters in this document for more information.
Process overview
There are several steps necessary to set up and configure McAfee Vulnerability Manager and begin
scanning. This list highlights the general steps:
1
Install and configure McAfee Vulnerability Manager 7.5 on a single system (All-in-One)
Other McAfee Vulnerability Manager configuration applications and services include a scan controller,
an API service, a reporting service, a notification service, configuration manager, an update service,
and data synchronization.
In large enterprises, scanning hundreds of thousands of assets, these components and services
should be installed on three to five separate appliances. This process is described in later sections of
this guide, and is not the focus of this chapter.
However, for most customers not scanning hundreds of thousands of assets, a simpler approach is
adequate. Either a single server or two servers (database separate) provides sufficient capacity. This
chapter takes you through the process of installing McAfee Vulnerability Manager on a single server.
Setting
Components to
Install
Instance Name
Service Account
Authentication Mode
Collation Settings
After the installation has completed, McAfee recommends that you restart the computer before using
SQL Server. Then, make sure the system has the latest SQL server service pack.
After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.
Run the McAfee Vulnerability Manager installation program. The Welcome to McAfee
Vulnerability Manager screen appears. Click Next. The end user license agreement appears.
Read the end user license agreement. Select Accept, then click Next. The Select Installation
Type screen appears.
Select the database server where you want to install the database.
Note: For 64-bit operating systems, you must type in the database server name.
You must have administrative access to the SQL database to install the database. You can select
Windows authentication or SQL Server authentication. If you select SQL Server authentication,
type the SQL database credentials.
Click Next.
Click Install to install McAfee Vulnerability Manager. Since all components are installed on one
server, there is no need to change any settings on the Installation Settings page.
10 When the installation process is complete, click Finish. A message states that a system restart is
required.
11 Click OK to restart the system.
Note: When installing McAfee Vulnerability Manager on Windows 2008 R2, an FS user account is
created and appears on the logon screen. The FS account is reserved for the McAfee Vulnerability
Manager scan engine and should not be used or modified.
The McAfee Vulnerability Manager single server system is configured and you can create your first
vulnerability scan, run it, and review the results.
Note: Any changes made to the server hosting the McAfee Vulnerability Manager web portal (e.g.
system name or domain name) after installation require a manual change to the shortcut on the
desktop.
Open the new scan window and select a McAfee Vulnerability Manager template.
Select Scans | New Scan. The Scan Details window appears. Select Use a McAfee
Vulnerability Manager template. A list of available McAfee Vulnerability Manager templates
appears. Select Full Vulnerability Scan and click Next. The window displays the scan
configuration tabs.
Give the scan configuration a name and select your scan targets.
Type First Vuln Scan in the Name field. Specify the targets you want to scan: either type
individual host names or IP addresses in the Host Name field, or type an IP range
using the Starting IP Address and Ending IP Address fields. Click the plus icon (+) to add
the IP addresses and host names to your scan configuration. Click Next and the Settings tab
appears. Accept the defaults for your first scan. Click Next. The Reports tab appears.
Post-installation activities
After McAfee Vulnerability Manager is installed and generating reports, review the Post Installation
Activities (see "Configuring Your Servers" on page 51) to finalize your McAfee Vulnerability Manager
configuration. Post installation activities include registering McAfee Vulnerability Manager, setting up
McAfee Vulnerability Manager Update, and hardening your servers.
The enterprise manager uses Microsoft Internet Information Services (IIS) to provide authorized
users with access to McAfee Vulnerability Manager 7.5 through their web browsers. It allows them
to manage and run McAfee Vulnerability Manager 7.5 from anywhere on the network. Access is
protected by user identification and authentication. Secure Socket Layers (SSL) can be set up
through the web server to provide encrypted communications to browsers.
One or more scan engines scan the network environment. Depending on the logistics and size of
your network, you might need more than one scan engine to scan the network.
Note: If you change the network settings on the server running the scan engine, the system
should be restarted or the scan components must be restarted.
The API server provides the communication between the enterprise manager and the database. It
is recommended that the API server is installed on one of the scan engines.
The scan controller provides the communication between the scan engine and the database. It is
recommended that the scan controller is installed on one of the scan engines.
The database is the data repository for the McAfee Vulnerability Manager system. It uses Microsoft
SQL Server to store everything from scan settings and results to user accounts and scan engine
settings. It contains all of the information needed to track organizations and workgroups, manage
users and groups, run scans, and generate reports.
Each component can be on its own dedicated server, although it is possible to combine the scan
engine and database when installing on smaller networks. Each server should contain a fresh
installation of the operating system with updated security patches. Do not run any other major
applications on these servers.
Users log onto the enterprise manager through their web browser to access the system.
Note: To ensure scan accuracy and device communication, McAfee recommends specifying a static IP
address.
Additional modules
Four additional modules are available in McAfee Vulnerability Manager 7.5. These modules can be
installed with other McAfee Vulnerability Manager components. See the System requirements and
architectures (on page 9) section for further details.
The configuration manager distributes initial certificates to the other McAfee Vulnerability Manager
components and manages updates to the various components of McAfee Vulnerability Manager.
The notification service provides SNMP and email (SMTP) notification messages for integration
with third-party helpdesk management systems and email servers. The notification service can be
installed on any server that meets the system requirements; it does not have to be installed on a
server running other McAfee Vulnerability Manager components.
The report engine generates both scan-based and asset-based reports.
The data synchronization service gathers information from McAfee Vulnerability Manager
databases, ePO databases and LDAP servers. For McAfee Vulnerability Manager databases, it
provides scan data and asset information to be imported from another McAfee Vulnerability
Manager database. For ePO databases, it provides data to McAfee Vulnerability Manager for host
and OS identification. For LDAP servers, it provides assets that can be added to scan
configurations.
Setting
Components to
Install
Instance Name
Service Account
Authentication Mode
Collation Settings
After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.
Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.
Select Memory.
Change the Maximum Server Memory to two-thirds the maximum server memory.
Click OK.
After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.
Make sure your systems meet the minimal system requirements. For more information, see
System Requirements (see "System Requirements and Architectures" on page 9).
If MDAC 2.8 is not installed on the scan engine, download and install the latest MDAC from the
Microsoft website. McAfee Vulnerability Manager 7.5 does not install without this required
component.
Note: The installation program checks for the Microsoft Windows Script 5.7 and installs it if
necessary. This program can be updated by the Windows Update Program through the Internet
Explorer web browser.
Windows 2003
On Windows Server 2003, IIS version 6.0 is installed by default.
Windows 2008 R2
On Windows Server 2008 R2, IIS version 7.5 is not installed by default.
1
Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager
- Welcome screen appears.
Read the agreement, select Accept, then click Next. The Select Installation Type page
appears.
Select Advanced, then click Next. The Select Installation Type page appears.
Select an Architecture type, then select the System you are installing onto the server.
See Deployment Architectures (page 21) for suggestions on how to set up your servers.
The installation program runs a system check to ensure that all critical and non-critical
dependencies are met. If any of the dependency checks fails, you must resolve the issue before
you can install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the
installation program, fix the issue, then rerun the installation program.
Click Next.
The Architecture and System you selected to install determine what information you must create
or provide. See the Information needed during installation (page 37) table for the information you need.
Type McAfee Vulnerability Manager information and click Next until the Installation Settings
page appears.
Review the installation settings and make sure all settings are correct.
To change a setting, double-click the setting. When you are finished modifying the setting, click
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page
43) for more details about each setting.
Information needed
Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager
- Welcome screen appears.
Select I accept the terms of this license agreement. Click Next. The Select Installation
Type page appears.
Select Scan Engine. Make sure all other McAfee Vulnerability Manager components are
deselected. Click Next.
Review the system checks and make sure all dependencies have passed. If any dependencies
have failed, exit the installation, correct the dependency, then restart the installation process.
Click Next.
Type the IP address of the server hosting the configuration manager. If you want to change the
port number for configuration manager, type the port number in the port field. Click Next.
Review the installation settings and make sure all settings are correct.
To change a setting, double-click the setting. When you are finished modifying the setting, click
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page 43)
for more details about each setting. Click Next.
Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager
- Welcome screen appears.
Select Accept, then click Next. The Select Installation Type page appears.
Select Advanced, then click Next. The Select Environment page is displayed.
The installation program runs a system check to ensure that all dependencies (critical and non-critical) are met. If any of the dependency checks fails, you must resolve the issue before you can
install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the
installation program, fix the issue, then rerun the installation program.
Click Next.
The Architecture and System you selected to install determine what information you must create
or provide. See the Component information needed (page 41) table when installing individual
components.
Type McAfee Vulnerability Manager information and click Next until the Installation Settings
page appears.
Review the installation settings and make sure all settings are correct.
To change a setting, double-click the setting. When you are finished modifying the setting, click
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page
43) for more details about each setting.
Description
Database
Enterprise manager
Notification service
Configuration manager
Report engine
Data synchronization service
API server
Scan controller
Scan engine
Information needed
Scan Engine
Scan Controller
Database
Enterprise Manager
Configuration Manager
Report Engine
Data synchronization
API server
Description
Enterprise Manager
API Server
Allow Global/Org Admin Switching
Report Server
Report Server Port
Scan Controller Port
Engine Scan Controller
Synchronize "Assigned to a User" remediation tickets
Synchronize "Unassigned" remediation tickets
Method of Notification
Database Installation Type
Force protocol encryption on DB server
Create New Organization Name
New Organization Administrator Password
Set Global Admin Password
Program Location
Reports Location
Configuration Manager Server
Configuration Manager Port
Login information
The Global Administrator and the Organization Administrator (for the organization you created when
installing the product) have some predefined login information.
Global Administrator:
Select Start | All Programs | Microsoft SQL Server 2005 | Configuration Tools | SQL
Server Configuration Manager.
10 When prompted for the database server name, use the format server, 2433. If you are
upgrading McAfee Vulnerability Manager, on the Installation Settings step, double-click the
Database Server.
Select Start | All Programs | Microsoft SQL Server 2008 | Configuration Tools | SQL
Server Configuration Manager.
Select Hide.
Click OK. A message states that the service must be stopped and restarted.
Click OK.
10 When prompted for the database server name, use the format server, 2433. If you are
upgrading McAfee Vulnerability Manager, on the Installation Settings step, double-click the
Database Server.
Click Modify.
Type the host name or IP address, type a backslash, and type the instance name.
For example: ORCHID\Accounting or xxx.xxx.xxx.xxx\Accounting
To add a port number, type a comma and the port number.
For example: ORCHID\Accounting,1533 or xxx.xxx.xxx.xxx\Accounting,1533
Note: Although <Server Name>,<port> is a valid SQL Server reference when using a named
instance, this is not a valid reference for McAfee Vulnerability Manager. The instance name must
be included for McAfee Vulnerability Manager to function properly.
Click Next
Configuration manager
The configuration manager might not accurately report the state of the SQL Server, or might fail to
control (start, stop) the service correctly. See McAfee KnowledgeBase article KB 54440 for information
on resolving this problem.
On each server running a McAfee Vulnerability Manager component, go to the Windows Control
Panel and open Add/Remove Programs.
Select the version of McAfee Vulnerability Manager you want to remove and click Remove.
If any files are in use while being uninstalled, the program opens the Services window so you can
stop any product services still running, then the uninstall completes.
Caution: Do not delete the registry settings on any scan engine without having a good backup of the
McAfee Vulnerability Manager registry settings. Doing so can cause database objects to become
orphaned because the registry contains a unique identifier that ties the scan engine to the data.
If you must delete the registry settings for any reason, contact customer support for help on restoring
the database to the proper scan engine.
McAfee Vulnerability Manager 7.5 depends upon the following registry keys from previous versions.
For Windows 2003:
HKEY_CURRENT_USER\SOFTWARE\Foundstone
HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone
For Windows 2008 R2:
HKEY_CURRENT_USER\SOFTWARE\Foundstone
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone
If the scan controller is running on a different server than the database, you must install SQL
Client Tools on the server to allow McAfee Vulnerability Manager Update to pass the information to
the database.
Procedures
McAfee Vulnerability Manager Update lets you do the following tasks:
Set up a proxy server (see "Adding proxy information for connecting to the update server" on
page 54)
Description
License Usage
Licensed For
Options
Username
Type the user name that McAfee sent you. This is the
user name you used to access the McAfee download
files.
Password
Option
Description
Proxy server requires authentication
Username (proxy)
Password (proxy)
Use secure connection
Digital Security
Mode
On the scan controller, select Start | All Programs | Foundstone | Update McAfee
Vulnerability Manager.
Click Options.
Type the user name and password you received from McAfee.
To automatically check for updates, select the checkbox for each package to update.
Leave the McAfee Vulnerability Manager Update program running. If you decide to exit, the
program warns you that it must continue running if you want to automatically check for McAfee
updates.
Select Proxy server requires authentication if updates are accessed using a proxy server.
10 Type the user name and password required to authenticate to your proxy server.
In the Local Area Network (LAN) Settings dialog box, select Use a proxy server for your
LAN....
Click OK.
Under Service Status, click Start. If the service is disabled, change the Startup type to
Manual, then click Apply.
To automatically start the update service, change the Startup type to Automatic, then click
Apply.
To see the update user interface when it is running, click the Log On tab.
Select Local System Account and select Allow service to interact with desktop.
Click OK.
McAfee Vulnerability Manager 7.5 Installation Guide
If the service is currently running, stop it from the services control panel. To do this, select Start
| Settings | Control Panel, double-click Administrative Tools, then double-click Services.
(You can also right-click My Computer and select Manage from the shortcut menu.) Locate
Foundstone Update Service proxy and click Stop.
Locate the FSUpdateService.exe file and launch it. A small window appears at the bottom right
of the screen.
Ensure that the edit field labeled Command line to start the application is pointing to the
correct location of the FSUpdate.exe program.
Ensure that the parameter to this path is "-service" (for example, C:\Program
Files\Foundstone\FSupdate.exe -service).
On the scan controller server, locate the FSUpdateService.exe program (usually c:\Program
Files\Foundstone).
Open a command prompt window; select Start | Run and type cmd.
This procedure does not show anything on the computer screen. Once you run it, the program silently
reinstalls the service.
Note: If the FSUpdateService install process shows an error that the service is already installed,
disregard the error.
Double-click Foundstone Update Service Proxy and click the Log On tab.
Click OK.
Note: The FSUpdate icon might not always appear in the system tray area, but the process can still
be running.
Click Generate to create a unique registration key. The key appears in the text box.
If a key already exists in the textbox, click Clear to remove it before clicking Generate.
Click Website to open a browser and connect to the Foundstone Registration Website.
Contact Person - Type your own name, or the name of the person responsible for contacting
McAfee regarding the product.
Enable notifications
The McAfee Vulnerability Manager Notification Service adds SNMP and email integration for ticketing
and scan related events, as well as system status, such as FCM updates available. Tickets are used to
manage and track vulnerabilities in systems within your corporate network. The ticketing system is
available through the enterprise manager and is integrated with other functions of the system, for
example, asset management.
Complete the remaining information, specifying the SNMP version, and incoming and outgoing
SNMP settings.
Description
SNMP Version
Community String
Throttle
Description
Address
Port
Senders List
Add
Remove
Allow Verify Vulnerability
Description
Address
Port
Complete the remaining information, specifying the email server address, and the email addresses
of the sender/recipient.
Note: Email notifications for updates applied via the McAfee Vulnerability Manager Configuration
Manager are sent to the address listed for McAfee Vulnerability Manager Operations. If you
have enabled email notifications in the configuration manager Preferences, be sure to include an
email address in the McAfee Vulnerability Manager Operations field.
Email server
Option
Description
Address
Port
Option
Description
Server Requires Authentication
Username
Password
Email messages
Option
Description
Header Message
Footer Message
Description
From Name
From Address
To Name
To Address
Setting up SSL
McAfee Vulnerability Manager 7.5 installs and uses default SSL Certificates to communicate between
its servers. The installation program creates the certificates and installs them. However, canned
certificates are vulnerable to spoofing, which could allow someone to see the information as it is sent
between servers.
To increase security and add authentication to the SSL certificates, you must set up
customized SSL certificates. The need for customized SSL certificates varies widely from
company to company.
If you decide to use customized SSL Certificates, McAfee Vulnerability Manager provides the McAfee
Vulnerability Manager Configuration Manager, a separate program that you can use to create custom
SSL certificates (this tool also manages updates to the McAfee Vulnerability Manager components).
For more information, refer to the configuration manager online help or the product guide.
The portal address in the CONFIG.INI file must match the FQDN, NetBIOS, or IP address used in
the SSL certificate for the enterprise manager. See Check the server_name in the CONFIG.INI file
(page 62).
.NET 2.0 or 3.0 must be installed on each user system accessing the enterprise manager.
Use the Installing the McAfee Vulnerability Manager Trust Site certificate (page 62) task on each user
system accessing the enterprise manager.
Expand the Foundstone SSL Certificates and select the SSL certificate issued to the enterprise
manager.
Example: myhost.domain.com.
In the Subject information, under Certificate Summary, find the FQDN, NetBIOS, or IP address.
This is the information after CN=.
On the server running the enterprise manager, open the CONFIG.INI file.
The default location in Microsoft Windows 2003 is: C:\Program Files\Foundstone\Portal\include.
The default location in Microsoft Windows 2008 R2 is: C:\Program Files
(x86)\Foundstone\Portal\include.
Make sure the server_name matches the FQDN, NetBIOS name, or IP address used in the SSL
certificate.
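The comparison in this procedure can be scripted so that a mismatch is caught before users see certificate warnings. The following is an added example, not part of the McAfee guide or product: it reads server_name from CONFIG.INI text and compares it with the value after CN= in a certificate Subject string. The sample file contents, the Subject value and all function names are constructed for illustration; only the [server] section and the server_name key come from the guide.

```python
import configparser
import re

# Constructed sample CONFIG.INI text. Only [server] and server_name are
# taken from the guide; the commented-out line shows that ';' lines are ignored.
SAMPLE_CONFIG = """\
[server]
; server_name=oldhost
server_name=MYHOST
server_protocol=https
"""

# Constructed Subject line, as it would be copied from the certificate summary.
SAMPLE_SUBJECT = "CN=myhost.domain.com, OU=Enterprise Manager, O=Example Corp"


def subject_cn(subject):
    """Return the value after CN= in a certificate Subject string, or None."""
    # Split on commas that are not backslash-escaped inside an attribute value.
    for part in re.split(r"(?<!\\),", subject):
        name, sep, value = part.strip().partition("=")
        if sep and name.strip().upper() == "CN":
            return value.strip().replace("\\,", ",")
    return None


def read_server_name(config_text):
    """Return server_name from the [server] section, or None if it is not set."""
    parser = configparser.ConfigParser(
        interpolation=None,   # paths and values may contain '%'
        strict=False,         # tolerate repeated keys in hand-edited files
        allow_no_value=True,
    )
    parser.read_string(config_text)
    if not parser.has_section("server"):
        return None
    value = parser.get("server", "server_name", fallback=None)
    return value.strip() if value and value.strip() else None


def check_portal_name(config_text, subject):
    """Compare CONFIG.INI server_name with the certificate CN; return findings."""
    findings = []
    cn = subject_cn(subject)
    name = read_server_name(config_text)
    if cn is None:
        findings.append("certificate Subject has no CN= attribute")
    if name is None:
        findings.append("CONFIG.INI has no server_name under [server]")
    if cn is None or name is None:
        return findings
    # Host names are compared without regard to case.
    if name.lower() == cn.lower():
        return findings
    # A short name equal to the first label of the CN is the NetBIOS/FQDN mix-up.
    if "." in cn and cn.lower().split(".")[0] == name.lower():
        findings.append(
            f"server_name '{name}' is the short name but the "
            f"certificate CN is the FQDN '{cn}'"
        )
    else:
        findings.append(
            f"server_name '{name}' does not match certificate CN '{cn}'"
        )
    return findings


if __name__ == "__main__":
    for finding in check_portal_name(SAMPLE_CONFIG, SAMPLE_SUBJECT):
        print("MISMATCH:", finding)
```

An empty result means the two values agree; any finding means either CONFIG.INI or the certificate has to change before clients will accept the portal name.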
Double-click the Enterprise Manager icon. The McAfee Vulnerability Manager logon page
appears.
Note: If necessary, add the enterprise manager to the Trusted Sites list.
Click Yes. An import successful message appears when the certificate import is completed.
Click Quit.
Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.
Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.
10 Users should clear their web browser cache to ensure updated pages display properly.
If you are upgrading the operating system on the server running the database to Microsoft Windows
Server 2008 R2, you need to do the following:
1
Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.
Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.
Users should clear their web browser cache to ensure updated pages display properly.
If you are upgrading the database only (not the OS), you need to do the following:
1
Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.
Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.
Users should clear their web browser cache to ensure updated pages display properly.
If you attached your database to a server that does not have McAfee Vulnerability Manager installed:
1
Select the McAfee Vulnerability Manager components you want to install on the server.
If you moved your database to a different server, when you upgrade the server that formerly hosted
your database:
1
Select the McAfee Vulnerability Manager components you want to install on the server.
Type the host name or IP address of the server hosting the database.
Type the McAfee Vulnerability Manager user password and then click Next.
If you are upgrading the enterprise manager or a scan engine to Microsoft Windows Server 2008 R2,
you need to do the following:
Note: If the database is installed with any other McAfee Vulnerability Manager component, you must
follow the steps for upgrading the database.
1
Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.
Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.
Users should clear their web browser cache to ensure updated pages display properly.
Open SQL Server Management Studio. To do this, select Start | All Programs | Microsoft SQL
Server | SQL Server Management Studio.
Right-click the Faultline database and select All Tasks | Backup Database from the shortcut
menu.
In the Back Up Database dialog box, the backup destination is entered automatically.
To add a different location, click Add to specify where to create the backup file.
Optionally, in the Back up Database dialog box, select Options and select Verify Backup on
finished to have SQL ensure that the backup is correct.
Open the Windows Registry. To do this, select Start | Run. Type regedit as the name of the
program to run, and click OK.
Back up the registry keys, from the following locations in Microsoft Windows Server 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\FOUNDSTONE\, and
HKEY_CURRENT_USER\SOFTWARE\FOUNDSTONE.
Back up the registry keys, from the following locations in Microsoft Windows Server 2008 R2:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FOUNDSTONE\, and
HKEY_CURRENT_USER\SOFTWARE\FOUNDSTONE.
Type a file name for the registry backup file, and select the folder where you want to save it.
Click OK.
Install Microsoft SQL 2005 or Microsoft SQL 2008 R2. A system restart might be required after
installation.
Install the latest service pack for Microsoft SQL Server. If necessary, restart the server.
Install McAfee Vulnerability Manager 7.5. Once the McAfee Vulnerability Manager 7.5 installation is
complete, you must restart the system.
10 After the system restarts, McAfee Vulnerability Manager 7.5 prompts you for database logon
information. Just close this dialog box.
Note: After McAfee Vulnerability Manager 7.5 is installed and running, you should redistribute
the certificates to turn encryption on for communication between the database and the scan
engine.
Redistributing certificates
1
Once the certificates are distributed to the database, encryption is enabled. You can now start the
scan controller(s) without being prompted for any database information.
Select Start | All Programs | Microsoft SQL Server | SQL Server Management Studio.
Select Properties.
Select SQL Server 2005(90) from the Compatibility Level list for Microsoft SQL 2005.
Select SQL Server 2008(100) from the Compatibility Level list for Microsoft SQL 2008.
Click OK.
Setting
Components to Install
Instance Name
Service Account
Authentication Mode
Collation Settings
After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.
Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.
Select Memory.
Change the Maximum Server Memory to two-thirds the maximum server memory.
Click OK.
After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.
Open the Windows Registry. To do this, select Start | Run. Type regedit as the name of the
program to run, and click OK.
Select the file that contains your McAfee Vulnerability Manager Windows Registry settings.
Stop all scan engines using the configuration manager. To do this, open configuration manager,
expand the McAfee Vulnerability Manager tree in the left pane, select a scan engine and click
Stop. You must do this for each scan engine.
Select Start | All Programs | Microsoft SQL Server | SQL Server Management Studio.
In the Restore Database dialog box, type Faultline in the To database field.
Scan controller
API server
Report engine
Notification service
Configuration manager
6
Type the file name and location of the backup files, then click OK.
Click OK.
10 If necessary, on the Options tab, you can edit the rows in the Move to physical file name column
to specify the location and names of the physical files of the restored McAfee Vulnerability
Manager database.
After upgrading, the configuration manager automatically updates your engines to McAfee
Vulnerability Manager 7.5. If you have a system running a scan engine and other McAfee
Vulnerability Manager components, when you upgrade this system, you must upgrade the scan
engine, even if the engine has already been updated by the configuration manager. Deselecting
the engine from the upgrade removes the engine and the scan controller from this system.
The McAfee Vulnerability Manager 7.5 installer automatically selects the API server component.
Only install the API server component on one scan engine. Deselect the API server component
when upgrading all other scan engines.
Note: When upgrading, multiple active sessions on the server can cause the upgrade to fail. You can
close all running McAfee Vulnerability Manager components using the Task Manager or you can
restart the server.
Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.
Notify all users to log off the McAfee Vulnerability Manager system.
Note: If you want to change the password for the Faultline user, you must do it in the SQL
Server Management Studio.
On any McAfee Vulnerability Manager component, run the McAfee Vulnerability Manager 7.5
installation program. The installation program detects McAfee Vulnerability Manager components
already installed on the server. Review the list of selected McAfee Vulnerability Manager
components to upgrade or update the list, if necessary.
The installer terminates all product services before upgrading. If the installer cannot terminate
any of the product services, a message appears asking you to terminate the product service
manually. You must terminate any product services still running before continuing with the
installation.
On the system where you installed the configuration manager Server, start the configuration
manager Console.
Keep the configuration manager running long enough for all of your scan engines to connect to
the configuration manager server. When the engines have connected, exit the McAfee
Vulnerability Manager Configuration Manager.
On the computer running the database, start the McAfee Vulnerability Manager 7.5 installation
program to upgrade your database. By default, your database is upgraded to McAfee Vulnerability
Manager 7.5. If you want to install a new database, you must modify the Database installation
type on the Installation Settings step of the installation wizard.
On the enterprise manager web server, run the McAfee Vulnerability Manager 7.5 installation
program and install the enterprise manager.
10 On the computer on which you want to run the Notification Module, run the McAfee Vulnerability
Manager 7.5 installation program and install the Notification Module. The Notification Module does
not have to be installed on a system running a McAfee Vulnerability Manager component.
11 On systems that only have a scan engine installed, the scan engine is upgraded automatically by
the McAfee Vulnerability Manager Configuration Manager. Any system with a scan engine and
other McAfee Vulnerability Manager components installed must be manually upgraded. Verify that all
scan engines are upgraded by checking the version of each scan engine in the configuration
manager Console.
During an automatic upgrade, a scan controller is installed with each scan engine. During a
manual upgrade, the scan controller is selected when upgrading a system with a scan engine.
12 Upgrade all other McAfee Vulnerability Manager components.
13 Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.
Once you have upgraded the database and enterprise manager, and installed the Notification Module,
the upgrade process is completed.
McAfee Vulnerability Manager sends updates to some components after the upgrade process is
complete, like sending content updates to the scan engines. In most cases, these updates finish
shortly after the upgrade is complete. If there are a large number of scan engines or there is low
bandwidth communication to the scan engines, this update process could take longer. If McAfee
Vulnerability Manager is not functioning properly right after an upgrade, the update process might not
be complete.
Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.
Notify all users to log off the McAfee Vulnerability Manager system.
Note: If you want to change the password for the Faultline user, you must do it in the SQL
Server Management Studio.
Stop and cancel all scan jobs before exiting the API server.
Run the McAfee Vulnerability Manager 7.5 installation program, installing all components.
If SQL server is not running, start the database (see "Starting and stopping the SQL server
database" on page 74).
Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.
Open both the new .ini file and the original (.fsorig) file in Notepad.
Copy the sections from the original file to the new one.
On the database server, you must open the SQL Server Management Studio to check the status of the
SQL server. The server icon in the System Tray has been removed for Microsoft SQL Server 2005 and
2008.
1
Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.
Rerunning scans
After upgrading McAfee Vulnerability Manager, some information for existing scans doesn't display
until the scan is run. This includes Scan Details information (new for McAfee Vulnerability Manager
7.5), and the Vulnerability by IP port information in reports.
Upgrading appliances
If you have a McAfee Vulnerability Manager appliance with a previous version of the product, you can
upgrade your appliance to McAfee Vulnerability Manager 7.5.
The upgrade guidelines work with the MVM 2100 (scan controller and scan engine only), MVM 3000,
and MVM 3100.
Type host name and press Enter. The name of the host appears.
Use 8 or more characters
Use lower-case characters (a-z)
Use upper-case characters (A-Z)
Use numeral characters (0-9)
Use non-alpha-numeric characters (`~!@#$%^&*()-_=+)
Note: McAfee Vulnerability Manager 7.5 requires passwords that are at least 8 characters long, have
at least three of the four remaining requirements (lower-case, upper-case, numeral, and non-alphanumeric), and do not contain the user name.
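The rule in the note above can be checked before an account is created. The following is an added example, not code from the guide or the product: it applies the length, three-of-four and user-name conditions and reports which character classes are missing. It assumes the user-name test ignores case and that only the symbols listed in the guide count as non-alphanumeric; the function names and the sample accounts are constructed.

```python
import string

# Symbols copied from the guide's list. The guide does not say whether other
# symbols count, so characters outside all four sets are reported separately.
GUIDE_SYMBOLS = set("`~!@#$%^&*()-_=+")

CLASSES = {
    "lower-case": set(string.ascii_lowercase),
    "upper-case": set(string.ascii_uppercase),
    "numeral": set(string.digits),
    "non-alphanumeric": GUIDE_SYMBOLS,
}


def check_password(password, user_name):
    """Return (ok, report) for the password rule stated in the note."""
    present = [name for name, chars in CLASSES.items()
               if any(c in chars for c in password)]
    missing = [name for name in CLASSES if name not in present]
    listed = set().union(*CLASSES.values())
    unlisted = sorted({c for c in password if c not in listed})

    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(present) < 3:
        problems.append("only %d of 4 character classes used" % len(present))
    # Assumption: the user-name test is case-insensitive.
    if user_name and user_name.lower() in password.lower():
        problems.append("contains the user name")

    report = {
        "problems": problems,
        "missing_classes": missing,
        "unlisted_characters": unlisted,
    }
    return (not problems, report)


def rejected_accounts(accounts):
    """Return the user names whose proposed password fails the rule."""
    return [user for user, password in accounts
            if not check_password(password, user)[0]]


# Constructed sample accounts for illustration only.
SAMPLE_ACCOUNTS = [
    ("admin", "Winter2012"),    # three classes, long enough: accepted
    ("admin", "summer2012"),    # two classes only: rejected
    ("admin", "Admin!2012x"),   # contains the user name: rejected
    ("root", "Ab1!xyz"),        # seven characters: rejected
]

if __name__ == "__main__":
    for user, password in SAMPLE_ACCOUNTS:
        ok, report = check_password(password, user)
        print(user, "accepted" if ok else "rejected", report)
```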
All service pack requirements are met for Microsoft Windows XP or Microsoft Windows 2003
The update labeled "MS05-019" is not applied
The Application Layer Gateway Service is running
Click Stop.
SQL settings
This section provides some procedures for setting up your SQL server after you have installed the
database.
In the Object Explorer, expand the server list until you get to the server you are configuring.
Select Start | Programs | Microsoft SQL Server 2005 | SQL Server Management Studio.
In the Object Explorer, expand the server list until you get to the server you are configuring.
Set the Index Creation Memory to 40% of the total system memory.
For example, set the Index Creation Memory to 400 MB if the system has 1 GB of memory and
to 800 MB if the system has 2 GB of memory.
Click OK.
product. However, if you want to set a temporary password before installation, or change the SA
password after the installation, follow these steps to make the change.
Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.
Double-click sa.
Type cliconfg and press Enter. The SQL Server Client Network Utility appears.
Click the Alias tab, edit the Server alias, then click OK.
Open the Virus Scan Enterprise Console by right-clicking the icon in the Windows taskbar.
Right-click Access Protection and select Properties from the shortcut menu.
Select the rule to Prevent mass mailing worms from sending mail and click Edit.
Note: If VSE is installed on the mail server, repeat these steps on the mail server.
McAfee suggests that you add all of the applications and processes of McAfee Vulnerability Manager to
this exclusion list in VSE in order to avoid conflicts between VSE and McAfee Vulnerability Manager.
Repeat the above steps to exclude the following:
FSUpdate.exe
FSNotifications.exe
LCDServices.exe
RegFS.exe
FCAgent.exe
FCServer.exe
FSAPI.exe
FSAssessment.exe
FSDiscovery.exe
FSLogToDiskSvc.exe
ReportServer.exe
Create a text file named mod.txt, and place it in the enterprise manager home directory.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\portal.
If the mod.txt file is not found or does not contain any data, the message of the day does not
appear. Remove this file from the enterprise manager home directory.
Using a text editing program like Notepad, type the message you want to display. You can
embellish the message with some HTML tags, but they are not required.
Adding a blank line in the mod.txt file automatically adds the appropriate HTML code to create a new
line.
Message titles
Use the tags <mod_title> and </mod_title> to change the title of the message. If no title has been
entered, the title displays "Message of the Day".
Open the config.ini file on the system running the enterprise manager. The default location for
Microsoft Windows 2008 R2 is c:\Program Files (x86)\Foundstone\portal\include.
Click the Global Admin link. The Global Administrator user-interface appears.
Note: Only one active session is allowed. Using Open in New Tab on the Global Admin link
terminates the organization administrator session. Using Open in New Tab also terminates the
session if the Org Admin link is clicked in the global administrator session.
Click the Org Admin link to switch back to the Root Organization Administrator user-interface.
Note: If you log on using the Global Administrator credentials, you don't see the ORG ADMIN link in
the user-interface. The switch only functions when you log on as a Root Organization Administrator.
CONFIG.INI
The config.ini file contains basic configuration settings for McAfee Vulnerability Manager 7.5.
The default location for Microsoft Windows 2003 is c:\Program
Files\Foundstone\Portal\include\config.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\Portal\include\config.ini.
PHP.INI
PHP is a scripting language used by enterprise manager. The php.ini file contains PHP settings in
enterprise manager. This file contains many sections and settings, though this document addresses
only those settings that McAfee recommends for customers to change if necessary.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\PHP\php.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\PHP\php.ini.
On the enterprise manager server, navigate to \PHP\Config.ini. It is located under the folder
where you installed McAfee Vulnerability Manager 7.5.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\PHP\php.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\PHP\php.ini.
Common Tasks
The following list shows the most common tasks that can be performed by changing the CONFIG.INI
and PHP.INI settings.
In the CONFIG.INI file, change the value disable_verify under the Remediation section to 1
and save the file.
To verify the setting, log onto the enterprise manager. Navigate to Remediation | New Tickets. The
Verify button should not be available when this value is set to 1.
In the CONFIG.INI file, search for the following string and remove the ; at the beginning of the
line:
;disable_quickscan=1
To verify the setting, log onto the enterprise manager. The Quick Scan feature is disabled when this
value is set to 1.
In the CONFIG.INI file, change the value submit_feedback under the [Optional] section to 0
and save the file.
To verify the setting, log on to the enterprise manager. The customer feedback link at the bottom of
the page should not appear, or is otherwise disabled.
Config.ini
The config.ini file contains basic configuration settings for McAfee Vulnerability Manager 7.5.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\Portal\include\config.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files (x86)\Foundstone\Portal\include\config.ini.
Sections in this configuration file include:

| Entry | Default | Description |
| --- | --- | --- |
| first_run | | The first time you log on to the enterprise manager, if this value is set to 1, the server_name value is sent to the engine as the "default" portal server. |

[server]

| Entry | Default | Description |
| --- | --- | --- |
| server_url | | |
| server_root | Windows 2003: C:\Program Files\Foundstone\Portal\ ; Windows 2008 R2: C:\Program Files (x86)\Foundstone\Portal\ | |
| server_cache | Windows 2003: C:\Program Files\Foundstone\Temp\ ; Windows 2008 R2: C:\Program Files (x86)\Foundstone\Temp\ | |
| reports_dir | Windows 2003: C:\Program Files\Foundstone\Reports\ ; Windows 2008 R2: C:\Program Files (x86)\Foundstone\Reports\ | |
| custom_reports_dir | Windows 2003: C:\Program Files\Foundstone\Reports_Custom\ ; Windows 2008 R2: C:\Program Files (x86)\Foundstone\Reports_Custom\ | |
| font_dir | C:\Windows\Fonts | |
| server_name | COMPUTERNAME | |
| server_protocol | http or https. Depends on install options. | |
| server_cert_dir | %installdirectory%\Foundstone\Configuration | |
| portal_id | | |

[API Server]

| Entry | Default | Description |
| --- | --- | --- |
| API_primary | | |
| API_secure | | |
| API_proxy_host | | |
| API_proxy_port | | |
| API_connection_timeout | | |
| API_response_timeout | 180 | |
| API_authenticate | | |
| API_authenticate_cn | | |
| API_reconnect_interval | 180 | |
| API_stream_select_timeout | 3 | |
| | C:\Program Files\Foundstone\Configuration\CustomTrustedCA.pem ; Windows 2008 R2: C:\Program Files (x86)\Foundstone\Configuration\CustomTrustedCA.pem | |
| api_authenticate_client | Windows 2003: C:\Program Files\Foundstone\Configuration\CustomPortal.pem ; Windows 2008 R2: C:\Program Files (x86)\Foundstone\Configuration\CustomPortal.pem | |

[session]

| Entry | Default | Description |
| --- | --- | --- |
| session_validate_ip | true | |
| session_validate_browser | | |

[report_server]

| Entry | Default | Description |
| --- | --- | --- |
| report_server | [hostname of report engine server]:port | |
| report_server_secure | | |
| report_push_check | | |

[optional]

| Entry | Default | Description |
| --- | --- | --- |
| enable_dashboard_configuration_applet | true | Not used. |
| enable_organization_applet | false | Not used. |
| alerts_max | 100 | |
| scan_pulldown_alpha | false | |
| short_chars | 30 | |
| string_chunk_len | 100 | |
| string_chunk_delimiter | " " | |
| scan_config_dropdown | 30 | |
| tree_expansion_default | | |
| disable_quickscan | | |
| submit_feedback | | |
| auto_refresh_rate | 10 | |

[look_and_feel]

| Entry | Default | Description |
| --- | --- | --- |
| color_buttonf | ;000000 | |
| color_buttonb | ;333399 | |
| color_headerf | ;FFFFFF | |
| color_headerb | ;333399 | |
| color_grey1 | ;e3e3e3 | |
| color_grey2 | ;cccccc | |
| color_grey3 | ;3581cd | |
| font | verdana | |
| font_size | | |

[ipranges]

| Entry | Default | Description |
| --- | --- | --- |
| enable_ipranges | true | |
| max_ipranges | 8000 | |

[mvas]

| Entry | Default | Description |
| --- | --- | --- |
| enable_mvas_options | false | |
| threats | false | |

[debug]

| Entry | Default | Description |
| --- | --- | --- |
| debug | | |
| debug_soap | | |
| debug_report_server | 0 | |
| debug_msi_server | | |

[fcgi]
This section is used for debugging the FastCGI components in McAfee Vulnerability Manager 7.5. It
might be used in a support call situation when additional logging needs to be turned on to help
identify a problem.
[reports]

| Entry | Default | Description |
| --- | --- | --- |
| report_server_timeout | 1200 | |

[il8n]

| Entry | Default | Description |
| --- | --- | --- |
| il8n_language | | |
| il8n_bullet | | |

[threats]

| Entry | Default | Description |
| --- | --- | --- |
| max_threats | | |
| max_intervals | | |
| tcv_enable_default_bu | | |
| tcv_select_default_bu | | |
| tcv_central_admin_default_bu | | |

[RADIUS_server_options]

| Entry | Default | Description |
| --- | --- | --- |
| use_radius_auth | | Set to "1" to turn on RADIUS authentication. This is disabled by default. |
| radius_primary_address | | |
| radius_primary_secret | | |
| radius_primary_port | | |
| radius_type_options | | |

[java]

| Entry | Default | Description |
| --- | --- | --- |
| java_use_dynamic_jre_versioning | false | |

[remediation]

| Entry | Default | Description |
| --- | --- | --- |
| disable_verify | | |

| Entry | Default | Description |
| --- | --- | --- |
| zip_single_pdf | By default, this entry is not in the config.ini file. | |

Php.ini
PHP is a scripting language used by enterprise manager. The php.ini file contains PHP settings in
enterprise manager. This file contains many sections and settings, though this document addresses
only those settings that McAfee recommends for customers to change if necessary.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\PHP\php.ini.
The default location for Microsoft Windows 2008 R2 is c:\Program Files (x86)\Foundstone\PHP\php.ini.
Caution: The majority of the settings in this file should not be modified for use with McAfee
Vulnerability Manager 7.5.
PHP Settings

| Entry | Default | Description |
| --- | --- | --- |
| max_execution_time | 300 | |
| max_input_time | 600 | |
| memory_limit | 32M | |
| display_errors | Off | |
| post_max_size = 200M | 200M (200 MB) | |
| upload_max_filesize = 200M | 200M (200 MB) | |

Disabling SSL
Secure communication between the enterprise manager and the API server is set by default when
McAfee Vulnerability Manager is installed. If you are required to disable SSL, you must do the
following:
Click OK.
Restart the IIS server. Right-click the local computer, select All Tasks, then select Restart IIS.
Select Restart IIS, then click OK.
After IIS restarts, close the IIS manager window.
Open the configuration manager and select Tools | Preferences | API Server.
On the API Server tab, deselect both Use SSL options (under Incoming Connection and
Enterprise Manager).
Click OK.
The settings are not applied until the API server is restarted.
In the left pane of the configuration manager, expand Foundstone Systems, then expand the
system that hosts the API server.
Once the server has stopped, click Start to start the server.
On the server running the enterprise manager, open the config.ini file.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\Portal\include.
The default location for Microsoft Windows 2008 R2 is c:\Program Files (x86)\Foundstone\Portal\include.
server_protocol =http
API_secure =0
report_server_secure =0
On the server running the enterprise manager, select Start | All Programs | Administrative
Tools | Internet Information Services (IIS) Manager.
In the left pane, expand the enterprise manager and select Web Sites.
Restart the IIS server. Right-click the local computer, select All Tasks, then select Restart IIS.
Select Restart IIS, then click OK.
On the server running the enterprise manager, select Start | All Programs | Administrative
Tools | Internet Information Services (IIS) Manager.
In the left pane, expand the enterprise manager and select Sites.
Click Apply.
In the left pane, right-click the local computer and click Stop.
Select Start | Control Panel | Administrative Tools, then select Local Security Policy.
In the left pane, expand Local Policies, then select Security Options.
In the right pane, double-click System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing.
In the dialog box, select Disabled, select Apply, then click OK.
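The following is an added example, not part of the McAfee guide or product: a small Python audit that reads the text of a config.ini and reports whether the three values written by the Disabling SSL procedure (server_protocol, API_secure, report_server_secure) are in their SSL-disabled state, so a reviewer can confirm which enterprise manager channels were left without SSL. The sample content and the handling of trailing ';' comments are assumptions.

```python
# Values the Disabling SSL procedure writes; a match means that channel
# is no longer using SSL. Keys are compared in lower case.
SSL_DISABLED = {
    "server_protocol": "http",
    "api_secure": "0",
    "report_server_secure": "0",
}


def parse_ini(text):
    """Yield (line_no, section, key, value) for every active entry.
    Lines that start with ';' are comments (as in ';disable_quickscan=1'),
    so a commented-out key counts as not set.
    """
    section = ""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Assumption: text after ';' on the same line is a comment.
            value = value.split(";", 1)[0].strip().strip('"')
            yield line_no, section, key.strip().lower(), value


def audit_ssl(text):
    """Return (line_no, section, key, value, finding) tuples."""
    findings, seen = [], set()
    for line_no, section, key, value in parse_ini(text):
        if key in SSL_DISABLED:
            seen.add(key)
            if value.lower() == SSL_DISABLED[key]:
                findings.append((line_no, section, key, value, "SSL disabled"))
    # A key with no active entry cannot be confirmed either way: report it.
    for key in sorted(set(SSL_DISABLED) - seen):
        findings.append((0, "", key, "", "no active entry"))
    return findings


# Constructed sample, not a real config.ini; section names follow the guide.
SAMPLE = ("[server]\nserver_protocol =http\n[API Server]\nAPI_secure =0\n"
          "[report_server]\n;report_server_secure =0\n")

if __name__ == "__main__":
    print(*audit_ssl(SAMPLE), sep="\n")
```

To check a live server, pass the contents of the config.ini from the Portal\include folder to audit_ssl(); an empty list means all three keys have active entries that differ from the SSL-disabled values.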
Appendix
Microsoft SQL Server 2005 Express Settings
Installation: McAfee recommends that you install Microsoft SQL Server 2005 Express on a Microsoft
Windows 2003 system.
Note: If you are installing SQL Server 2005 Express on a virtual system, the virtual system must be
on an IDE disk drive. See the VMware website or documentation for further information.
Suggested Usage: Only for class C networks.
Setting
Registration Information
Feature Selections
Instance Name
Service Account
Authentication Mode
Collation Settings
User Instances
After the installation has completed, McAfee recommends that you restart the computer to begin
using Microsoft SQL Server Express. Then, make sure you have the latest Microsoft SQL Server
Express Service Pack.
Enabling TCP/IP
By default, TCP/IP is disabled in Microsoft SQL Server 2005 Express. TCP/IP must be enabled for
McAfee Vulnerability Manager to function properly.
Click OK.
Restart the Database Engine service for the change to take effect.
Internet access
If a system is blocked from accessing the internet, the time service might no longer synchronize and
cannot provide the time to other clients or upgrade the system clock. This might cause McAfee
Vulnerability Manager services to not respond within an expected amount of time, causing a failure to
start. To resolve this, either let the system access the internet or add the ServicesPipeTimeout registry
entry.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\.
If ServicesPipeTimeout does not exist, create a DWORD value and name it
ServicesPipeTimeout.
Move the database
Scroll down and double-click User Account Control: Run all administrators in Admin
Approval Mode.
Stop the SQL service. You can also set the SQL service to Manual to free up some resources
on this server, but this is optional.
Remove the database service dependencies for other McAfee Vulnerability Manager
components running on the server. See the McAfee KnowledgeBase article KB60408 for
detailed information.
After installing the database on the new server, open configuration manager and update the
database information.
In configuration manager, select Tools, then select Preferences. Select the Database tab and
update the database information.
Using the United States Federal Information Processing Standard
Run McAfee Vulnerability Manager Update to ensure that McAfee Vulnerability Manager content
has the latest information.
Select Start | Control Panel | Administrative Tools, then select Local Security Policy.
In the left pane, expand Local Policies, then select Security Options.
In the right pane, double-click System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing.
In the dialog box, select Enabled, select Apply, then click OK.
When the server operating system is configured for FIPS 140 compliant mode, McAfee Vulnerability
Manager users cannot access the enterprise manager if TLS 1.0 is not enabled in their web browser.
See the Enable TLS 1.0 on the client system procedure below for setting up client browsers.