MVM750 Install Guide

Installation Guide
McAfee Vulnerability Manager 7.5
COPYRIGHT
Copyright 2012 McAfee, Inc. Do not copy without permission.
TRADEMARKS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,
McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,
McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,
TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States
and other countries. Other names and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR
A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS
SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Issued 6/15/2012 12:51 / McAfee Vulnerability Manager Installation Guide
Contents
Introducing McAfee Vulnerability Manager ..................................................... 6
Installation checklist .......................................................................................................... 6

Components and what they do ............................................................................................ 7
Audience .......................................................................................................................... 8
Find product documentation ............................................................................................... 8
System Requirements and Architectures ........................................................ 9
Number of servers required ................................................................................................ 9

Hardware and software requirements................................................................................. 11
Single server requirements......................................................................................... 11
Multiple server requirements ...................................................................................... 12
Microsoft Windows Server 2003 support....................................................................... 16
Browser requirements ...................................................................................................... 16
Disable Enhanced Security Configuration...................................................................... 17
Network requirements...................................................................................................... 17
Deployment architectures ................................................................................................. 21
Dual-server architecture ............................................................................................ 21
Three-server architecture ........................................................................................... 22
More than three servers ............................................................................................. 23
Installing on a Single Server ........................................................................ 24
Audience ........................................................................................................................ 24
Process overview ............................................................................................................. 24
McAfee Vulnerability Manager architecture .......................................................................... 24
How the pieces fit together ............................................................................................... 25
Installing and configuring McAfee Vulnerability Manager on a single server ............................. 25
Creating your first vulnerability scan and report .................................................................. 28
Post-installation activities ................................................................................................. 30
Installing on Multiple Servers ....................................................................... 31
Before you install McAfee Vulnerability Manager .................................................................. 31

McAfee Vulnerability Manager 7.5 components.............................................................. 31
System component preparation ......................................................................................... 32
Preparing the database server .................................................................................... 32
Preparing the scan engine server ................................................................................ 34
Preparing the web server ........................................................................................... 35
McAfee Vulnerability Manager 7.5 installation...................................................................... 35
Installing using a recommended installation type .......................................................... 36
Adding an extra scan engine ....................................................................................... 38
Installing using the custom installation type ................................................................. 39
Installation setting descriptions ................................................................................... 43
Login information ...................................................................................................... 45
Hiding a Microsoft SQL Server 2005 instance ................................................................ 45
Hiding a Microsoft SQL Server 2008 instance ................................................................ 46
Changing the SQL instance name ................................................................................ 47
Uninstalling McAfee Vulnerability Manager ................................................... 49
Uninstalling a previous version of McAfee Vulnerability Manager ............................................ 49

Do NOT remove registry keys ........................................................................................... 50
Configuring Your Servers .............................................................................. 51

McAfee Vulnerability Manager Update ................................................................................ 51
Setting up McAfee Vulnerability Manager Update ........................................................... 53
Adding proxy information for connecting to the update server ........................................ 54
McAfee Vulnerability Manager 7.5 Installation Guide
iii
Contents
Running McAfee Vulnerability Manager Update as a service ............................................ 54

Troubleshooting the McAfee Vulnerability Manager Update service................................... 55
Register McAfee Vulnerability Manager 7.5 ......................................................................... 56
Sending a registration request to McAfee ..................................................................... 56
Activate McAfee Vulnerability Manager 7.5 ................................................................... 57
Enable notifications.......................................................................................................... 57
Enabling SNMP notifications ........................................................................................ 57
Enabling email notifications ........................................................................................ 59
Hardening your servers .................................................................................................... 61
Update your servers with the latest patches ................................................................. 61
Setting up SSL .......................................................................................................... 61
Add the enterprise manager trust site certificate ................................................................. 61
Check the server_name in the CONFIG.INI file.............................................................. 62
Installing the McAfee Vulnerability Manager Trust Site Certificate .................................... 62
Upgrading to McAfee Vulnerability Manager 7.5 ........................................... 63
Back up the SQL server database using SQL Server Management Studio ................................ 65
Backing up the Windows registry ....................................................................................... 66
Upgrading Microsoft SQL Server 2000 ................................................................................ 67
Microsoft SQL server 2005 installation settings.................................................................... 68
Changing the Microsoft SQL memory settings ..................................................................... 69
Microsoft SQL server 2008 and 2008 R2 installation features ................................................ 69
Restoring the Windows registry ......................................................................................... 70
Restoring the McAfee Vulnerability Manager database .......................................................... 70
Upgrading from a previous version .................................................................................... 72
Merging the config.ini and php.ini files ......................................................................... 74
Starting and stopping the SQL server database ............................................................. 74
Rerunning scans ....................................................................................................... 75
Microsoft Windows Server 2003 upgrade support ................................................................ 75
Upgrading appliances ....................................................................................................... 75
Troubleshooting and Tips ............................................................................. 76
Finding the NetBIOS name ............................................................................................... 76

Creating strong passwords ............................................................................................... 76
Application Layer Gateway Message ................................................................................... 76
Performance issues when running a large number of reports ................................................ 77
SQL settings ................................................................................................................... 77
Changing the database authentication settings ............................................................. 77
Optimize dynamic memory settings ............................................................................. 78
Setting the SA password in SQL .................................................................................. 78
Changing the TCP/IP protocol ..................................................................................... 79
Optional enterprise manager settings ................................................................................. 80
Using McAfee VirusScan Enterprise 8.0i and later .......................................................... 80
Setting up a logon message ....................................................................................... 81
Allowing root organization administrators to switch to global administrator....................... 82
Setting up the CONFIG.INI and PHP.INI files ................................................................ 83
Disabling SSL.................................................................................................................. 96
Turning off SSL in configuration manager ..................................................................... 97
Restarting the API server ........................................................................................... 97
Modifying the CONFIG.INI file on the enterprise manager............................................... 97
Turning off SSL on the enterprise manager .................................................................. 98
Why does my Foundstone Configuration Agent system tray icon have an exclamation mark ..... 98
Installation error when FIPS is enabled .............................................................................. 99
Appendix .................................................................................................... 100
Microsoft SQL Server 2005 Express Settings ......................................................................100

Microsoft SQL Server 2005 Express installation settings ................................................100
Internet access ........................................................................................................101
Microsoft SQL Server 2008 R2 Express settings ..................................................................102
Disabling Admin Approval Mode (Windows 2008 R2) ...........................................................102
Move the database .........................................................................................................102
Move the enterprise manager ..........................................................................................103
iv
Contents
Changing the Foundstone Configuration Agent Settings .......................................................103

Using the United States Federal Information Processing Standard ........................................103
Introducing McAfee Vulnerability

Manager
McAfee Vulnerability Manager is an agentless network scanner that helps you identify and protect the
assets (systems) on your network. This allows managers to monitor and respond to changing risks in
their environment.
This installation guide contains system requirements and suggestions on how many servers to deploy
based on the size of your network. This guide also contains the concepts and tasks for installing the
product, what to do after installation, and upgrading from a previous version.
Note: The Foundstone product is now known as McAfee Vulnerability Manager. For this release,
some portions of the product retain the Foundstone label.
Installation checklist
These are the basic steps for preparing your network and installing McAfee Vulnerability Manager 7.5.
Each step is explained in further detail later in this guide.
Installing on a single server

For users who want to install McAfee Vulnerability Manager on a single server. This section describes
installing McAfee Vulnerability Manager, running your first scan, and reviewing the report. See
Installing on a single server (page 24).
Upgrade instructions
For users who are upgrading from a previous version of the product, follow the instructions in
Upgrading to McAfee Vulnerability Manager 7.5 (on page 63).
Custom installation
For users who want to install McAfee Vulnerability Manager on a more than one server. This
installation process requires some planning and configuration for proper installation.
Step 1: Pre-installation planning
Scope out the size and shape of your network. Take special note of geographic challenges and
firewalls.
Determine which deployment architecture to use, based on the size and accessibility of the
network. If a scan engine needs to access the entire network, are there any barriers?
Using the system requirements guidelines for your chosen architecture, acquire systems and
software to host the McAfee Vulnerability Manager servers.
For details about pre-installation planning, see Before you install McAfee Vulnerability Manager (on page
31).
Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in
the host name.
Introducing McAfee Vulnerability Manager

Components and what they do
Step 2: System component preparation
Install Microsoft SQL Server (see "Preparing the database server" on page 32) and its latest
service pack on the database server. Make sure that it is fully functional, and that the system
administrator (SA) password is available.
On the web server, install Microsoft IIS Web Server (see "Preparing the web server" on page 35)
and its latest security patches.
For details about preparing your servers, see System component preparation (on page 32).
Step 3: Install McAfee Vulnerability Manager 7.5
Run the McAfee Vulnerability Manager 7.5 installation program on each server.
For more information, see How to install McAfee Vulnerability Manager 7.5 (see "McAfee Vulnerability
Manager 7.5 installation" on page 35).
Post installation tasks
On one scan engine, run the McAfee Vulnerability Manager 7.5 update program (see "McAfee
Vulnerability Manager Update" on page 51) to get the latest vulnerability updates. This updates
the database and any other scan engines connected to it.
Register McAfee Vulnerability Manager 7.5 to activate it (see "Register McAfee Vulnerability
Manager 7.5" on page 56). You have 60 days to use McAfee Vulnerability Manager 7.5 before the
product ceases to function.
Harden your servers (see "Hardening your servers" on page 61) to comply with your organization
security policies.
Maintain your database with regular backups and updated statistics to keep it running at optimal
performance.
For more information, see Configuring your servers (on page 51).
Components and what they do

McAfee Vulnerability Manager consists of components that work together to monitor your systems.
Enterprise manager Uses Microsoft Internet Information Services (IIS) to provide authorized
users with access to McAfee Vulnerability Manager through their web browsers. It allows them to
manage and run the product from anywhere on the network. Access is protected by user
identification and authentication. Set up Secure Socket Layers (SSL) through the web server to
provide encrypted communication to browsers.
Scan engine Scans the network environment. Depending on the logistics and size of your
network, you might need more than one scan engine to scan the network.
Scan controller Provides the communication between the scan engine and the database. Most
network environments only need one scan controller. For a large network (class A) or segmented
network (WAN), use multiple scan controllers.
Database The data repository for the product. It uses Microsoft SQL Server to store everything
from scan settings and results to user accounts and scan engine settings. It contains all of the
information needed to track organizations and workgroups, manage users and groups, run scans,
and generate reports.
API server Provides the communication between the enterprise manager and the database.
Notification service Provides SNMP and email (SMTP) notification messages for integration
with third-party help desk management systems and email servers.
Data synchronization service Gathers information from McAfee ePO databases, LDAP servers,
and other McAfee Vulnerability Manager 7.5 databases. For McAfee ePO databases, it provides
data to the product for host and OS identification. For LDAP servers, it provides assets you can
add to scan configurations. For other McAfee Vulnerability Manager databases, it provides scan
data.
Report engine Generates scan-based and asset-based reports.
Introducing McAfee Vulnerability Manager

Find product documentation
Configuration manager Distributes initial certificates to the other product components and
manages the updates to the product components.
Web application scanner Provides a scan configuration, vulnerability checks, and scan reports
for web applications. The web application scanner is a module that must be purchased.
Audience
This information is intended for network administrator responsible for installing and configuring
software on network servers.
Find product documentation

McAfee provides the information you need during each phase of product implementation, from
installing to using and troubleshooting.
1
Go to the McAfee Product Download site.
Type in your grant number, then click Submit.
Select McAfee Vulnerability Manager.
After a product is released, information about the product is entered into the McAfee online
KnowledgeBase at http://mysupport.mcafee.com.
System Requirements and Architectures

Number of servers required
System Requirements and

Architectures
These guidelines describe the McAfee Vulnerability Manager 7.5 system requirements for each
component.

The number, type, and placement of product servers depend on the total amount of address space,
total number of live devices, network topology, desired scan performance, network constraints, and
network policies.
Note: McAfee Vulnerability Manager supports only servers running English-language operating
systems.
The following matrix provides guidelines for determining the number of McAfee Vulnerability Manager
servers.
Number of
live IPs
Number of servers
Notes
0 2,500
One product server with an All- Ideal for small networks

in-One configuration
and product evaluations
2,500
10,000
Two product servers: One

configured as enterprise
manager web portal and the
other configured as a
database, API server, scan
controller, and a scan engine
with additional components.
Very common configuration

for small to mid-sized
deployments
10,001
20,000
Two product servers: One

manager web portal and the
other configured as database,
API server, scan controller,
and scan engine with
additional components.
Well-suited for large,

distributed environments
One product server configured

as a dedicated scan engine.

Number of
live IPs
Number of servers
Notes
20,001 >100,000
Three product servers: One

manager web portal, one
configured as database, and
one configured as API server,
scan controller, and scan
engine with additional
components.
Ideal for large, global,

distributed and diverse
networks
n product servers configured as

dedicated secondary scan
engines.
Consider these factors:
Number of IP addresses to be scanned. The primary factor is the number of IP addresses to be

scanned. Small to medium-sized networks, as well as installations for product evaluation
purposes, can deploy a single product server. Larger networks are better accommodated with
additional hardware.
Network connectivity to, and reachability of, all desired target environments. A scan engine must be
able to reach its targets for the results to provide value. When placing scan engines, consider the
networks that are to be scanned and place the scan engine so that it is able to reach the
maximum number of assets with as few firewalls or packet filtering devices as possible.
Firewall traversing. The purpose of a firewall is to restrict traffic to legitimate users and prohibit
traffic that might be malicious. Depending upon the nature of the vulnerability and the discovery
methodology, vulnerability scanning signatures might resemble malicious traffic and be blocked or
filtered by a firewall or port filter. The result of such well-intentioned security devices might be
that the quality of data returned from a vulnerability scan is adversely affected. For example,
hosts behind a firewall might not be discovered correctly or at all, or a firewall might make it
appear that every host behind the firewall is present when they are not. Another possible effect is
that discovery and assessments might take longer to complete when having to traverse a firewall
compared to scans that do not have to traverse firewalls. A common technique to mitigate the
impact is to either avoid sending the assessment traffic through a firewall altogether, or to create
an exception rule in the firewall rule base to allow any and all packets to and from the scan engine
to traverse the firewall unaltered.
WAN links and latency. To ensure a manageable vulnerability assessment schedule, McAfee
Vulnerability Manager employs various timing and monitoring components. Such components
monitor the total time a thread has taken to run a check against a host. If a certain threshold is
exceeded, the thread is terminated under the assumption that the host is down, or that packets
have been lost in transit to or from the host. This technique is necessary to ensure that a scan is
not in an infinite waiting state. Therefore, WAN links, or heavily congested networks in general,
might need special consideration in a deployment. Tests have shown that scanning via WAN links
with a latency of more than 150 milliseconds is likely to produce results of an improper quality.
For example, a set of systems can only be reached via a WAN link, then consider placing a scan
engine in the remote environment so scanning is done locally and not be subject to packet loss
and timeouts that are common on a congested WAN link.
10

Hardware and software requirements
Other network traffic (business-critical data/sessions). Any active scanning technology, such as
McAfee Vulnerability Manager, sends some amount of data to assets on the network. This is an
unavoidable consequence of any vulnerability scanning technology. McAfee Vulnerability Manager
provides robust and detailed controls that allow customers to optimize the scanning behavior and
speed of McAfee Vulnerability Manager. The product has default settings that have proved safe
and effective in most networks. However, no matter how McAfee Vulnerability Manager is
deployed and configured, you should always pay attention to network segments, WAN links,
firewalls, and so on, where particularly important data is passing. Consider a remote site that is
transmitting transactions from a website through a congested or slow WAN link during local
business hours. Since this system only operates during certain hours, you should configure scans
so that the environment is scanned while the web server is not processing transactions and not
relying on bandwidth on the WAN link.
Security or performance. When two product servers are used, McAfee recommends that you deploy
the enterprise manager on one system and the other product components on the second system.
This provides more security because the enterprise manager can be placed outside your firewall,
so users can access it, while the second system can be placed inside the firewall to gather
accurate data from scanned systems. However, having the scan engine and scan controller on the
same system as the database can slow performance, based on the amount of data being
processed. To improve performance when using two product servers, you could separate the scan
engine and scan controller from the database. For example: the enterprise manager, scan engine,
and scan controller on one system and the database and other McAfee Vulnerability Manager
components on the second system.

This section covers the minimum hardware and software requirements for installing McAfee
Vulnerability Manager.
Note: When installing McAfee Vulnerability Manager on a server running Windows 2008 R2, you
must either be logged in as the root administrator for the server or the Admin Approval Mode (see
"Disabling Admin Approval Mode (Windows 2008 R2)" on page 102) must be disabled.
Single server requirements

These are the system requirements for installing McAfee Vulnerability Manager on a single server (Allin-One). If you are installing McAfee Vulnerability Manager on multiple servers, see Multiple Server
requirements (page 12).
Note: McAfee Vulnerability Manager components require an Internet Protocol version 4 (IPv4)
address to properly communicate. Systems running product components must have an IPv4 address
and can have an IPv6 address to facilitate scanning IPv6 targets.
Single server system requirements

Component
Requirement
Processor
Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz,

or higher
Memory
4 GB RAM
Disk space
160 GB Partition
Dedicated system
Yes
Administrator account
11

Component
Requirement
Disk partition formats
NTFS
Network card
Ethernet
Single server software requirements
Microsoft Windows 2008 R2

Microsoft Windows 2008 R2 Service Pack 1 and later
The Foundstone Configuration Agent requires administrator rights to start and stop services. If
the logged in user does not have administrator rights, McAfee Vulnerability Manager might not
function properly.
Microsoft SQL Server
Microsoft SQL Server 2005 Service Pack 4 and later (32-bit and 64-bit)
Microsoft SQL Server 2008 Service Pack 1 and later (32-bit and 64-bit)
Microsoft SQL Server 2008 R2 Service Pack 1 and later (32-bit and 64-bit)
Microsoft SQL Server 2008 R2 Express Service Pack 1 and later (64-bit)
Also:
All Microsoft SQL and .NET hotfixes and patches.
McAfee recommends using 750 MB for the SQL memory setting.
SQL Browser (SQL Server 2008 R2 Express)

Additional software (covered by default Microsoft Windows and Microsoft SQL installations)
IIS 7.5, including current IIS security patches
MDAC 2.8
World Wide Web Publishing must be running
SQL Client Tools
Note: McAfee Vulnerability Manager does not support installing the database with .NET 4.0. If you
must use .NET 4.0, install the database first.
Note: If you change the network settings on the server running the scan engine, the system should
be restarted or the scan components must be restarted.
Multiple server requirements

McAfee Vulnerability Manager consists of several components. Any McAfee Vulnerability Manager
component requiring a minimum amount of system resources are listed below. If you are installing
multiple McAfee Vulnerability Manager components on a single server, use the highest minimum
system requirements as your guide.
Operating system requirements for all McAfee Vulnerability Manager 7.5 servers
Windows Server 2008 R2, without a service pack, or with Service Pack 1 or later. McAfee
Vulnerability Manager only supports English operating systems.
The Foundstone Configuration Agent requires administrator rights to start and stop services. If the
logged in user does not have administrator rights, McAfee Vulnerability Manager might not
function properly.
Note: To ensure scan accuracy and device communication, McAfee recommends specifying a static IP
address.
Note: McAfee Vulnerability Manager components require an Internet Protocol version 4 (IPv4)
12

Enterprise manager system requirements

Component
Requirement
Processor

or higher
Memory
4 GB RAM
Disk space
80 GB Partition
Additional software
IIS 7.5
Current IIS security patches
World Wide Web Publishing must be
running
Dedicated system
Yes
Administrator account
NTFS
Network card
Ethernet
Database system requirements

Component
Requirement
Processor

or higher
Disk space
160 GB Partition
Tip: 250 GB of disk space is recommended for
large networks.
Memory
4 GB
Additional software
Microsoft SQL Server 2005 SP4 and later

(32-bit and 64-bit)
Microsoft SQL Server 2008 SP1 and later
(32-bit and 64-bit)
Microsoft SQL Server 2008 R2 SP1 and
later (32-bit and 64-bit)
Also:
All SQL hotfixes and patches
All .NET hotfixes and patches
Note: Microsoft SQL Server 2008 R2 Express is

not recommended for a distributed environment.
Dedicated system
Yes
Virtual memory
4 GB minimum
NTFS
SQL server memory

settings
900 MB
13

Component
Requirement
Network card
Ethernet
SQL server memory recommendations

McAfee recommends using the following SQL memory settings:
When the database is the only component on the system, set the Maximum SQL memory to 1.4
GB.
When the database and the Report Server are both running on the same system, use 900 MB.
When the database and the scan engine are both running on the same system, use 750 MB.
Note: McAfee Vulnerability Manager does not support installing the database with .NET 4.0. If you
must use .NET 4.0, install the database first.
Scan engine system requirements

Component
Requirements
Processor

or higher
Memory
4 GB RAM
Disk space
80 GB Partition
Additional software
MDAC 2.8
Dedicated system
Recommended when running large scans
Virtual memory
4 GB minimum
NTFS
Required services
NetBIOS over TCP/IP
Network card
Ethernet
Note: Microsoft Windows does not allow the hostname and user name to be the same. Do not use
FS as the hostname for the system running the scan engine.
Note: If you change the network settings on the server running the scan engine, the system should
be restarted or the scan components must be restarted.
Scan controller system requirements

Component
Requirements
Memory
2 GB RAM
Disk space
80 GB Partition
Additional software
Dedicated system
No
Network card
Ethernet
MDAC 2.8
SQL Client Tools
Note: The scan controller provides communication between the scan engines and the database.
14

Configuration manager system requirements

Component
Requirements
Memory
1 GB RAM
Disk space
80 GB Partition
Additional software
MDAC 2.8
Dedicated system
No
Network card
Ethernet
API server system requirements

Component
Requirements
Memory
1 GB RAM
Disk space
80 GB Partition
Additional software
MDAC 2.8
Dedicated system
No
Network card
Ethernet
Notification service system requirements

Component
Requirements
Memory
1 GB RAM
Disk space
80 GB Partition
Additional software
MDAC 2.8
Dedicated system
No
Network card
Ethernet
Note: To provide notifications through email, this server must have access to the email relay server
on your network.
Data synchronization service system requirements

Component
Requirements
Memory
1 GB RAM
Disk space
80 GB Partition
Additional software
MDAC 2.8
15

Browser requirements
Component
Requirements
Dedicated system
No
Network card
Ethernet
Report engine system requirements

Component
Requirements
Memory
2 GB RAM
Disk space
80 GB Partition
Additional software
MDAC 2.8
Dedicated system
Recommended for report-intensive

environments
Network card
Ethernet
Microsoft Windows Server 2003 support

McAfee Vulnerability Manager 7.5 allows the use of Microsoft Windows Server 2003 for the scan
controller and scan engine only, with some limitations.
A Microsoft Windows Server 2003 scan engine cannot scan Internet Protocol version 6 (IPv6) targets;
this includes targets with an IPv4 address converted into an IPv6 address. The inability to scan IPv6
targets also affects McAfee Policy Auditor and McAfee Network Security Manager (NSM) integration
with McAfee Vulnerability Manager.
For installation information, see Adding an extra scan engine (page 38).
For upgrade information, see Microsoft Windows Server 2003 upgrade support (page 75).
Browser requirements
Depending on the network settings, authorized users can access McAfee Vulnerability Manager
through the web browser from anywhere.
If you are upgrading to McAfee Vulnerability Manager 7.5, users should clear their web browser cache
to ensure updated pages display properly.
Individual browser requirements
Microsoft Internet Explorer 8.0 or 9.0 running on a Microsoft Windows operating system.
The recommended minimum screen resolution is 1024 x 768.
Note: Searching for vulnerabilities in large reports might take a long time to complete. Use
Microsoft Internet Explorer 9.0 for the best results.
16

Network requirements
McAfee recommendations
Install the latest service packs for your browser and operating system.
Disable third-party pop-up blockers, web filters, and other extensions because these products can
interfere with the ability to display certain pages in the enterprise manager.
Install the Trusted Site Certificate (page 62) for all users accessing the enterprise manager.
Turn off Display intranet sites in compatibility View.
Note: Large fonts are not supported in Internet Explorer.
Disable Enhanced Security Configuration

If you are using Microsoft Internet Explorer 9 and Microsoft Windows Server 2008 (or Windows Server
2008 R2) to access the enterprise manager, Enhanced Security Configuration should be disabled.
1
Select Start | Administrative Tools | Server Manager.
Under Security Information, click Configure IE ESC.
Under Administrators, select Off.

Note: Don't disable the Enhanced Security Configuration for Users, unless nonadministrators use the Microsoft Windows Server 2008 (or Windows Server 2008 R2) system for
accessing the portal.
Click OK.
Close the Server Manager window.
McAfee Vulnerability Manager components use the network ports and protocols listed in the following
tables. If a firewall separates components, these ports and protocols must be opened in your firewall
configuration before you install McAfee Vulnerability Manager 7.5.
The network requirements diagrams use a distributed deployment architecture to display
communication paths. If you use a different deployment architecture, be sure to note which system is
running a McAfee Vulnerability Manager component, and use the port number and communication
path specified in the communication path tables.
The network requirements diagrams are separated into two groups: connecting McAfee Vulnerability
Manager components and connecting to external components. External components include other
databases, McAfee ePO databases, LDAP or Active Directory servers, and external ticketing or issue
management systems.
17

Connecting McAfee Vulnerability Manager components
Figure 1: Network requirements

McAfee Vulnerability Manager component communication paths
#
Title
Description
System 1 Enterprise
manager
Enterprise manager
System 2 API service,

engine
System 3 Database*
Scan controller
API server
Scan engine
Data synchronization
service
Notification service
Database
Configuration manager
Report engine
System 5 Scan Engine
Scan engine
Authenticated User
Users log on to the enterprise

manager.
Assessment management
search results
Ports: 443 or 80
Command and control
Port: 3800
System 4 Report server
SOAP over HTTPS or HTTP
SOAP over HTTPS or HTTP

3
API service
Port: 1433
(SSL over) TCP/IP
Scan data
Port: 1433
(SSL over) TCP/IP
18

service**
Port: 1433
Notification service***
Port: 1433
(SSL over) TCP/IP
(SSL over) TCP/IP

7
Scan data
Port: 1433
(SSL over) TCP/IP
Report data
Port: 1433
(SSL over) TCP/IP
Scan data (scan engine to Ports: 3803

scan controller)
REST over HTTPS or HTTP
10
Generating reports or
Ports: 3802
changing report templates
11
Generated reports
Ports: 443 or 80
12
Web browser traffic
Ports: 443 or 80
HTTPS or HTTP
*Changing the location of the configuration manager requires a communication path between the
configuration manager and the database, using Port: 1433, (SSL over) TCP/IP.
**Changing the location of the data synchronization service changes the communication path(s)
displayed in this diagram.
***Changing the location of the notification service changes the communication path(s) displayed in
this diagram.
Note: All McAfee Vulnerability Manager components have an FCM Agent installed. The
communication between each FCM Agent and the configuration manager server is Port: 3801, (SSL
over) TCP/IP.
19

Connecting external components
Figure 2: External component communications

External component communication paths
#
Title
Description
System 2 API service,

engine
External ticketing or issue

management
External SMTP server
External LDAP / Active

Directory (AD)
External McAfee ePO

Database
Notification service*
Scan controller
API server
Scan engine
service
Port: 162
SNMP
Port: 161
SNMP
Port: 25
SMTP
service**
Port: 389
service**
Port: 1433
LDAP
(SSL over) TCP/IP
20

Deployment architectures
*Changing the location of the notification service changes the communication path(s) displayed in this
diagram.
**Changing the location of the data synchronization service changes the communication path(s)
displayed in this diagram.
When installing McAfee Vulnerability Manager 7.5 components on multiple servers, use these general
guidelines to help determine the best setup for your network:
Dual-server architecture (on page 21)

Three-server architecture (on page 22)
Distributed server architecture (see "More than three servers" on page 23)
Dual-server architecture
This architecture is appropriate for small to medium (class C and class B) networks. The scan
controller, scan engine and the database are installed on the same server; the enterprise manager is
installed on its own server. This allows fast, efficient communication between the scan controller, scan
engine, and database while a dedicated server runs the enterprise manager interface for your users.
Figure 3: Dual server architecture
System 1: Web portal
Web portal
Report engine
System 2: Database and scan engine
Scan controller
Scan engine
API server
Data synchronization service
Database
Configuration Manager
21

Three-server architecture
This architecture is designed for large, global enterprises, and is appropriate for scanning multiple
class B and class A networks. In this configuration, all three components reside on individual servers.
Figure 4: Three-server architecture
System 1: Web portal
Web portal
System 2: Scan engine
Scan controller
Scan engine
API server
System 3: Database
Database
Report engine
22

More than three servers

Larger, more complicated environments need multiple scan engines. Each engine generates scan
traffic on their local network segments, and sends the resulting scan data back over the WAN to the
database. This dramatically reduces the amount of traffic on the WAN resulting from network scans.
Multiple scan engines can be added to this architecture.
Figure 5: Distributed server architecture

System 1:
Web portal
Web portal
System 2:
API server
Scan controller
Scan engine
API server
service
System 4:
Report server
Report engine
System 3:
Database
Database
System 5:
Scan engine
Scan engine
23
Installing on a Single Server

McAfee Vulnerability Manager architecture

The goal of this chapter is to give you an outline of the steps needed to conduct your first vulnerability
scan with the McAfee Vulnerability Manager Software. This chapter is not intended to provide all of the
detailed information you might need, rather simply provides a brief overview of the process. Later
chapters in this guide contain more detailed information, including installing McAfee Vulnerability
Manager on more than one server.
This chapter takes a layered approach to help you better understand the overall McAfee Vulnerability
Manager solution and how the pieces fit together. This chapter provides the following information:
An outline of the overall process necessary to conduct your first vulnerability scan
A high-level overview of the McAfee Vulnerability Manager architecture
How the pieces fit together
A checklist to help you install and configure McAfee Vulnerability Manager to run on a single
appliance
A checklist to help you conduct your first vulnerability scan and produce a report
the host name.
Audience
This chapter is designed for the new user installing McAfee Vulnerability Manager on a single server
(also known as Standard or an All-in-One). If you need to install McAfee Vulnerability Manager on
more than one server, review later chapters in this document for more information.
Process overview
There are several steps necessary to set up and configure McAfee Vulnerability Manager and begin
scanning. This list highlights the general steps:
1
Configure Microsoft SQL 2005 or 2008
Install and configure McAfee Vulnerability Manager 7.5 on a single system (All-in-One)
Set up your first scan and review the report
McAfee Vulnerability Manager architecture

McAfee Vulnerability Manager consists of several components. The three major components of McAfee
Vulnerability Manager are:
Enterprise Manager (web user interface)

Database using Microsoft SQL Server (Microsoft SQL Server 2005, 2008 R2, 2005 Express, 2008,
or 2008 R2 Express)
Scan Engines (there can be several scan engines per McAfee Vulnerability Manager instance and
the scan engines can be remote)
24

Installing and configuring McAfee Vulnerability Manager on a single server
Other McAfee Vulnerability Manager configuration applications and services include a scan controller,
an API service, a reporting service, a notification service, configuration manager, an update service,
and data synchronization.
In large enterprises, scanning hundreds of thousands of assets, these components and services
should be installed on three to five separate appliances. This process is described in later sections of
this guide, and is not be the focus of this chapter.
However, for most customers not scanning hundreds of thousands of assets, a simpler approach is
adequate. Either a single server or two servers (database separate) provides sufficient capacity. This
chapter takes you through the process of installing McAfee Vulnerability Manager on a single server.
How the pieces fit together

After the initial system configuration, all vulnerability management functions (scanning, reporting, and
remediation) are driven through the web portal. As McAfee Vulnerability Manager scans targets, the
data is stored in the SQL database and reports are generated by the report server. Reports can be
delivered by email or viewed through the web portal.
When deploying remote scanning engines (or other distributed McAfee Vulnerability Manager
components) on other servers, the secure communication link between the distributed components is
managed by the configuration manager. The configuration manager is mainly for infrastructure
management, not for every day vulnerability management.
Installing and configuring McAfee Vulnerability Manager on

a single server
You can install and configure McAfee Vulnerability Manager on a single server that uses Microsoft SQL
Server as its database.
The SQL settings are similar for both Microsoft SQL 2005 and SQL 2008, but the setting locations are
different in each installation wizard. The SQL Server settings for both versions are included in this
guide.
For Microsoft SQL Server 2008 R2 Express settings, see Using Microsoft SQL 2008 R2 Express (page
102).
Configuring Microsoft SQL 2005 (15-30 minutes)

McAfee Vulnerability Manager 7.5 uses Microsoft SQL Server as its database. Install the Microsoft SQL
Server database as directed by the SQL Server documentation.
For information about installing Microsoft SQL Server 2005 Express or 2008 R2 Express, see the
Appendix in this guide.
Before installing the SQL Server, make sure your systems meet the minimum system requirements
(see "System Requirements and Architectures" on page 9).
Note: If you are upgrading from SQL Server 2000 to SQL Server 2005, go to Upgrading to SQL Server
2005 (page 67).
25

SQL server installation suggested settings

The following table shows the page names and recommended settings for each step of the installation.
These settings are based on a typical Microsoft SQL Server 2005 installation.
Installation Page
Setting
Components to
Install
Select SQL Server Database Services and the

Workstation components, Books Online and
development tools.
Instance Name
Select Default instance.

Note: It is possible to give the instance a name. You
must type this instance name when installing other
McAfee Vulnerability Manager components. See
Changing the SQL Instance Name (page 47).
Service Account
Select Use the built-in System account, then

select Local system from the list.
Select SQL Server under Start services at the
end of setup.
Authentication Mode
Select Mixed mode. This mode is required to create

or upgrade the database. See Changing the Database
Authentication Settings (on page 77) for information on
how to change this setting later.
Create a password for the SA account. The
maximum password length is 128 characters.
Important: Remember the SA account password. You
can use the SA account to access the database for
maintenance or to back up the database.
Collation Settings
Accept the defaults.
Error and Usage

Report Settings
Accept the defaults (none selected).
After the installation has completed, McAfee recommends that you restart the computer before using
SQL Server. Then, make sure the system has the latest SQL server service pack.
Configuring SQL Server 2008 (15 - 30 minutes)

The following lists show the recommended and minimum Microsoft SQL Server 2008 and 2008 R2
features for using McAfee Vulnerability Manager.
Note: If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2008, go to
Upgrading Microsoft SQL Server 2000 (page 67).
SQL server installation (recommended)
Database Engine Services, including all sub-features

Client Tools Connectivity
Client Tools Backward Compatibility
SQL Server Books Online
Management Tools (complete)
26

SQL server installation (minimum)
Database Engine Services

After the installation finishes, McAfee recommends that you restart the computer to begin using SQL
Server. Then, make sure you have the latest SQL server service pack.
Installing McAfee Vulnerability Manager (30 minutes - 1 hour)

1
Run the McAfee Vulnerability Manager installation program. The Welcome to McAfee
Vulnerability Manager screen appears. Click Next. The end user license agreement appears.
Read the end user license agreement. Select Accept, then click Next. The Select Installation
Type screen appears.
Select Standard, then click Next.
Select the database server where you want to install the database.
Note: For 64-bit operating systems, you must type in the database server name.
You must have administrative access to the SQL database to install the database. You can select
Windows authentication or SQL Server authentication. If you select SQL Server authentication,
type the SQL database credentials.
Click Next.
Review the system checklist.

The installation program runs a system check to ensure that all dependencies (critical and noncritical) are met. If any of the dependency checks fails, you must resolve the issue before you can
install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the
installation program, fix the issue, then rerun the installation program.
If all system checks pass, click Next. The Database Connection Information screen appears.
Type a McAfee Vulnerability Manager user password for the database.

Type and re-type a password for the McAfee Vulnerability Manager user. The host name or IP
address of this server is already entered in the field. The McAfee Vulnerability Manager user is
used for connecting other McAfee Vulnerability Manager components to the database.
Click Next. The Global Administrator Password page appears.
Create a password for the McAfee Vulnerability Manager Global Administrator.

The McAfee Vulnerability Manager Global Administrator can create organizations and manage
workgroups (sub-organizations) through the web interface. Type and re-type a password for the
Global Administrator. There is only one global administrator per McAfee Vulnerability Manager
deployment. Click Next to continue.
When logging on as the Global Administrator, the organization name is fsglobal and the user
name is globaladmin.
Create a new organization and type an administrator password.

McAfee Vulnerability Manager uses organizations and workgroups (sub-organizations) as a way of
managing access to the McAfee Vulnerability Manager web interface.
Type the name of your first organization. Then type and re-type a password for the Administrator.
Click Next. The Installation Settings page appears.
Click Install to install McAfee Vulnerability Manager. Since all components are installed on one
server, there is no need to change any settings on the Installation Settings page.
10 When the installation process is complete, click Finish. A message states that a system restart is
required.
11 Click OK to restart the system.
Note: When installing McAfee Vulnerability Manager on Windows 2008 R2, a FS user account is
created and appears on the logon screen. The FS account is reserved for the McAfee Vulnerability
Manager scan engine and should not be used or modified.
27

Creating your first vulnerability scan and report
The McAfee Vulnerability Manager single server system is configured and you can create your first
vulnerability scan, run it, and review the results.
Note: Any changes made to the server hosting the McAfee Vulnerability Manager web portal (e.g.
system name or domain name) after installation requires a manual change to the shortcut on the
desktop.

Once your McAfee Vulnerability Manager is installed and configured on a single server, you can create
a Full Vulnerability scan and view the report.
This section describes the steps required to set up your first vulnerability scan, run the scan, then
review the results. Suggestions and tips are included to help you understand the workflow for McAfee
Vulnerability Manager scans and scan data. More detailed information is available in the McAfee
Vulnerability Manager product guide.
McAfee Vulnerability Manager scans begin by creating a scan configuration through the web interface.
A full vulnerability scan assesses your network for vulnerabilities using all existing non-intrusive
vulnerability checks. The vulnerability scan report shows you the comprehensive data collected by the
scan that provides an executive overview of the scan results and detailed information for each system
scanned. It is recommended for your first scan to use a small set of the IP addresses available on
your network. Full vulnerability scans require more time than other McAfee Vulnerability Manager
scans due to the amount of data being assessed during the scan. By providing a small set of systems
to scan, you can see the benefits of McAfee Vulnerability Manager scanning and reports in a shorter
period of time.
You can create your own scan configuration or select a pre-configured scan template. In a scan
configuration you assign IP addresses or ranges to be scanned, type the credentials for accessing
systems during scanning, select which vulnerabilities to scan for, select formats for your reports, and
set up a schedule for running the scan.
Providing credentials in a scan configuration allows the scan engine credentialed access to the
systems being scanned, and returns a more accurate report on which systems are vulnerable and
which are not. You can create a credential set which is a list of user credentials that can be used
during a scan. A credential set can be used in multiple scan configurations and saves you time when
user credentials change. You can update one credential set and have it applied to multiple scan
configurations rather than having to update each scan configuration.
Building your first vulnerability scan

Create a Full Vulnerability scan to find asset vulnerabilities on your network.
1
Log on to the enterprise manager as an organizational administrator.

Double-click the McAfee Vulnerability Manager icon on the desktop to open the logon page. Use
the organization name, organization administrator name and password you created. For the
organization you created during installation, the user name is Administrator.
The home page displays key information about the systems scanned within an organization or
workgroup. This page is populated with data once you have completed your first scan.
Open the new scan window and select a McAfee Vulnerability Manager template.
Select Scans | New Scan, the Scan Details window appears. Select Use a McAfee
Vulnerability Manager template and a list of available McAfee Vulnerability Manager templates
appears. Select Full Vulnerability Scan and click Next. The window displays the scan
configuration tabs.
28

Give the scan configuration a name and select your scan targets.
Type First Vuln Scan in the Name field. Type the IP address(es) you want to scan by either
typing individual host names or IP addresses using the Host Name field, or type an IP range
using the Starting IP Address and Ending IP Address fields. Click the plus icon (+) to include
the IP addresses and host names to your scan configuration. Click Next and the Settings tab
appears. Accept the defaults for your first scan. Click Next. The Reports tab appears.
Do not create remediation tickets for your first scan.

Deselect Create remediation tickets. Remediation tickets are not covered in this section. More
information about remediation tickets is available in the McAfee Vulnerability Manager product
guide. Click Next and the Scheduler tab appears.
Set Activation to Active and, under Schedule Type, select Immediate is selected under . Click
Save and Scan Now. The vulnerability scan starts.
To view the status of this scan, select Scans | Scan Status. The Scan Status page appears.
Depending on how many hosts you set for this scan, the scan could take several minutes to
complete.
Viewing the vulnerability scan report

Once your first vulnerability scan is complete, you can view the results in the web browser.
1
Open the vulnerability report.

From the Scan Status page, click the View Report button to display the scan report page.
Or select Reports | View Scan Reports. Click View Report to open the report in the browser.
Review the summary results of the vulnerability scan.

The McAfee Vulnerability Manager Summary Report page provides an executive-level
overview of the scan results.
The FoundScore summary shows the amount of risk based on the FoundScore Risk Rating
System. The rating system compares your environment against best practices to calculate your
FoundScore value. A high FoundScore value (71-100) means your network is more secure, while a
low FoundScore value (0-50) means your network has more security weaknesses.
The Vulnerability Report Summary provides charts to represent the total number
vulnerabilities and the percentage of vulnerabilities based on severity.
Click Detailed Report in the Vulnerability Report Summary section header to view the
Detailed Vulnerability Report.
Review the vulnerability report of the vulnerability scan.

The McAfee Vulnerability Manager Detailed Vulnerability Report page contains more
information about the vulnerabilities found on the targets you scanned.
The Number of Vulnerabilities by Operating System chart shows how many vulnerabilities
were discovered for each operating system on your network. Each bar in the chart has colored
segments to show the high, medium, low, and informational levels of the vulnerabilities found for
each operating system. This chart provides a quick view of which operating system has the
highest total number of vulnerabilities and which operating system has the highest number of
high-risk vulnerabilities. You can see which operating systems are the most vulnerable on your
network. If the chart is difficult to read, there is a table with the same information just below the
chart.
The Top 15 Hosts with the Largest Number of Vulnerabilities chart shows which individual
targets on your network have the most number of vulnerabilities discovered during the scan. This
chart provides a quick view of which target has the highest total number of vulnerabilities and
which target has the highest number of high-risk vulnerabilities. This allows you to prioritize which
targets need immediate attention. Just below the hosts chart is a table that lists the 15 hosts
represented in the chart, with links that take you to the target details page (Vulnerabilities By
IP Report). Click on one of your host links in the Top 15 Hosts with Vulnerabilities table.
Review the vulnerabilities for a single target.

The Vulnerabilities By IP Report is a paged report with vulnerability information found on each
target scanned. By using the Top 15 Hosts with Vulnerabilities link, you can go directly to a
high-risk target and review the vulnerability information for that target.
29

Post-installation activities
Each vulnerability information section has a short description, a recommendation on how to

resolve the issue, an observation that explains how the vulnerability is used, and a link to the
Common Vulnerabilities and Exposures (CVE) website (if a CVE exists for this vulnerability).
Congratulations, you have just completed your first vulnerability scan and reviewed the report. What
you learned in this quick start guide can be applied to the other McAfee Vulnerability Manager scan
templates to help you gather the network information you need and review the results. For more
information on scanning and other McAfee Vulnerability Manager functions, review the product guide
or web portal help.
Post-installation activities
After McAfee Vulnerability Manager is installed and generating reports, review the Post Installation
Activities (see "Configuring Your Servers" on page 51) to finalize your McAfee Vulnerability Manager
configuration. Post installation activities include registering McAfee Vulnerability Manager, setting up
McAfee Vulnerability Manager Update, and hardening your servers.
30
Installing on Multiple Servers

Before you install McAfee Vulnerability Manager

The following preinstallation planning, system preparation, and McAfee Vulnerability Manager
installation procedures are for users installing McAfee Vulnerability Manager components on more
than one server.
Before you install McAfee Vulnerability Manager

Before you install McAfee Vulnerability Manager 7.5, read these instructions to ensure that your
systems are prepared. You need to understand the type of architecture you are installing, and the
system requirements for each server within that architecture.
the host name.
McAfee Vulnerability Manager 7.5 components

McAfee Vulnerability Manager 7.5 consists of five main components:
The enterprise manager uses Microsoft Internet Information Services (IIS) to provide authorized
users with access to McAfee Vulnerability Manager 7.5 through their web browsers. It allows them
to manage and run McAfee Vulnerability Manager 7.5 from anywhere on the network. Access is
protected by user identification and authentication. Secure Socket Layers (SSL) can be set up
through the web server to provide encrypted communications to browsers.
One or more scan engines scan the network environment. Depending on the logistics and size of
your network, you might need more than one scan engine to scan the network.
Note: If you change the network settings on the server running the scan engine, the system
should be restarted or the scan components must be restarted.
The API server provides the communication between the enterprise manager and the database. It
is recommended that the API server is installed on one of the scan engines.
The scan controller provides the communication between the scan engine and the database. It is
recommended that the scan controller is installed on one of the scan engines.
The database is the data repository for the McAfee Vulnerability Manager system. It uses Microsoft
SQL Server to store everything from scan settings and results to user accounts and scan engine
settings. It contains all of the information needed to track organizations and workgroups, manage
users and groups, run scans, and generate reports.
Each component can be on its own dedicated server, although it is possible to combine the scan
engine and database when installing on smaller networks. Each server should contain a fresh
installation of the operating system with updated security patches. Do not run any other major
applications on these servers.
Users log onto the enterprise manager through their web browser to access the system.
Note: To ensure scan accuracy and device communication, McAfee recommends specifying a static IP
address.
31

System component preparation
Additional modules
Four additional modules are available in McAfee Vulnerability Manager 7.5. These modules can be
installed with other McAfee Vulnerability Manager components. See System requirements and
architectures (on page 9) section for further details.
The configuration manager distributes initial certificates to the other McAfee Vulnerability Manager
components and manages updates to the various components of McAfee Vulnerability Manager.
The notification service provides SNMP and email (SMTP) notification messages for integration
with third-party helpdesk management systems and email servers. The notification service can be
installed on any server that meets the system requirements it does not have to be installed on a
server running other McAfee Vulnerability Manager components.
The report engine generates both scan-based and asset-based reports.
The data synchronization service gathers information from McAfee Vulnerability Manager
databases, ePO databases and LDAP servers. For McAfee Vulnerability Manager databases, it
provides scan data and asset information to be imported from another McAfee Vulnerability
Manager database. For ePO databases, it provides data to McAfee Vulnerability Manager for host
and OS identification. For LDAP servers, it provides assets that can be added to scan
configurations.

Before installing McAfee Vulnerability Manager 7.5, prepare the servers that host the enterprise
manager, database, API server, scan controller, and scan engine(s). These servers must contain the
proper supporting software and service packs. The installation program verifies that these
requirements have been met before installing McAfee Vulnerability Manager 7.5.
Refer to the system requirements (see "System Requirements and Architectures" on page 9) before
proceeding.
Note: Before beginning the installation process, ensure that all systems on which McAfee
Vulnerability Manager is installed have valid computer names. This includes ensuring that invalid
characters are not used as part of the computer name, such as underscores (current operating
systems no longer allow the underscore to be used as part of the computer name). Valid characters
for the computer name are upper and lowercase alphabetic characters, numeric characters, and the
dash.
Preparing the database server

McAfee Vulnerability Manager 7.5 uses Microsoft SQL Server as its database. Install the Microsoft SQL
Server database as directed by the SQL Server documentation.
For information about installing Microsoft SQL Server 2005 Express or 2008 R2 Express, see the
Appendix in this guide.
Before installing the SQL Server, make sure your systems meet the minimum system requirements
(see "System Requirements and Architectures" on page 9).
32

Microsoft SQL server 2005 installation settings

If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2005, go to Upgrading
Microsoft SQL Server 2000 (page 67).
Note: During installation, the database name is not automatically added to the database field on the
Database Administrator page. You must type in the database name or the instance name.

Use the following settings to configure your SQL Server.
Installation Page
Setting
Components to
Install

development tools.
Instance Name

Service Account

end of setup.
Authentication Mode

Important: Remember this password. You need it when
you install the McAfee Vulnerability Manager
Configuration Manager, scan controller, API server,
notification service, data synchronization service, and
report engine.
Collation Settings
Error and Usage

Report Settings
33

Changing the Microsoft SQL memory settings

Change the memory settings for Microsoft SQL Server to optimize performance for McAfee
1
Select Start | Programs | Microsoft SQL Server | SQL Server Management Studio.
Log on to SQL Server Management Studio.
Right-click the server and select Properties.
Select Memory.
Change the Maximum Server Memory to two-thirds the maximum server memory.
Click OK.
Microsoft SQL server 2008 and 2008 R2 installation features



Preparing the scan engine server

Before you install McAfee Vulnerability Manager 7.5, make sure that the server on which you want to
install the scan engine is properly prepared by doing the following:
Make sure your systems meet the minimal system requirements. For more information, see
System Requirements (see "System Requirements and Architectures" on page 9).
If MDAC 2.8 is not installed on the scan engine, download and install the latest MDAC from the
Microsoft website. McAfee Vulnerability Manager 7.5 does not install without this required
component.
Note: The installation program checks for the Microsoft Windows Script 5.7 and installs it if
necessary. This program can be updated by the Windows Update Program through the Internet
Explorer web browser.
34

McAfee Vulnerability Manager 7.5 installation
Preparing the web server

McAfee Vulnerability Manager uses Microsoft Internet Information Services Web Server (IIS) to host
the enterprise manager and make it available throughout the network.
Windows 2003
On Windows Server 2003, IIS version 6.0 is installed by default.
Windows 2008 R2
On Windows Server 2008 R2, IIS version 7.5 is not installed by default.
1
Open the Server Manager.

If this does not open when you start Windows 2008 R2, select Start | Administrative Tools |
Server Manager.
In the console tree (left pane), select Roles.
Select Add Roles.
Select Server Roles from the left pane.
Select Web Server (IIS) to install.
Select Role Services from the left pane.
Select CGI under Application Development.
Click Next, then click Install.
Once the installation is complete, click Close.

The McAfee Vulnerability Manager installation contains a list of suggested architectural configurations.
The suggested configurations have a predefined list of McAfee Vulnerability Manager components to
install on a server. For more details about suggested architectural configurations and the McAfee
Vulnerability Manager components installed on each server, review System Requirements and
Architectures (on page 9).
The McAfee Vulnerability Manager installation also contains a custom configuration setting so you can
select which McAfee Vulnerability Manager components to install onto a server. Customizing your
McAfee Vulnerability Manager installation can help if you have a large network, run a large number of
scans, or generate a high volume of reports.
Note: If you are hiding your Microsoft SQL server, see "Hiding an instance in Microsoft SQL Server"
(page 45) for more installation information.
Caution: The data synchronization service should only be installed on networks that use McAfee
ePolicy Orchestrator, LDAP, or multiple McAfee Vulnerability Manager databases.
35

Installing using a recommended installation type

McAfee Vulnerability Manager provides some recommended installation types when installing on more
than one server.
Tip: Before installing, close all other applications on the server.
Note: When installing McAfee Vulnerability Manager on a server running Microsoft Windows 2008 R2,
you must log on as the root administrator for the server or the Admin Approval Mode (see "Disabling
Admin Approval Mode (Windows 2008 R2)" on page 102) must be disabled.
1
Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager
- Welcome screen appears.
Click Next. The end user license agreement appears.
Read the agreement, select Accept, then click Next. The Select Installation Type page
appears.
Select Advanced, then click Next. The Select Installation Type page appears.
Select an Architecture type, then select the System you are installing onto the server.
See Deployment Architectures (page 21) for suggestions on how to set up your servers.
Click Next. The System Checks page appears.
The installation program runs a system check to ensure that all critical and non-critical
dependencies are met. If any of the dependency checks fails, you must resolve the issue before
you can install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the
Click Next.
The Architecture and System you selected to install determines what information you must create
or provide. See Information needed during installation (page 37) table for the information you need.
Type McAfee Vulnerability Manager information and click Next until the Installation Settings
page appears.
Review the installation settings and make sure all settings are correct.
To change a setting, double-click the setting. When you are finished modifying the setting, click
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page
43) for more details about each setting.
10 Click Install. The McAfee Vulnerability Manager components are installed.

required.
Note: When installing McAfee Vulnerability Manager on Microsoft Windows 2008 R2, a FS user
account is created and appears on the logon screen. The FS account is reserved for the McAfee
Vulnerability Manager scan engine and should not be used or modified.
McAfee Vulnerability Manager sends updates to some components after the installation process is
complete, like sending content updates to the scan engines. In most cases, these updates finish
shortly after the installation is complete. If there are a large number of scan engines or there is low
bandwidth communication to the scan engines, this update process could take longer. If McAfee
Vulnerability Manager is not functioning properly right after an installation, the update process might
not be complete.
Tip: Any changes made to the server hosting the McAfee Vulnerability Manager web portal (e.g.
system name or domain name) after installation requires a manual change to the shortcut on the
desktop.
36

Information needed during installation

The following table shows the information you need to complete the installation process (based upon
the suggested configuration selected).
Information needed during installation:

Configuration
Information needed
Dual server Web portal
Configuration manager IP address/host name and

port number
API server IP address/host name and port number
Database IP address/host name
Faultline database password
You must decide:
To enable or disable the ability of an organization

administrator to switch to the Global Administrator
user interface
Note: This is not recommended when there are multiple

organization administrators. Global Administrator settings
affect all organizations, which could lead to negative results if
too many users have access to the Global Administrator
interface.
Dual server Scan engine/
Database
Windows authentication to the SQL database, or

database administrator user name and password
Location of the enterprise manager (IP address,
NetBIOS, or DNS-resolvable name)
One-time synchronization with external remediation
management system.
Send notifications via SNMP, email, or both methods
Creating a new database or upgrading an existing
database
Whether or not to force protocol encryption
You must create:

Global Administrator password (by default, the
organization is fsglobal and the user name is
globaladmin)
Your first McAfee Vulnerability Manager

organization: create an organization name and
create a password for the organization administrator
37

Three server Web portal

port number
API server IP address/host name and port number
Report server IP address/host name and port
number
You must decide:

user interface

interface.
Three server Scan engine
Three server Database

port number
One-time synchronization with external remediation
management system.
Send notifications via SNMP, email, or both methods
Report server IP address/host name and port
number
database
You must create:

Global Administrator password (by default, the
organization is fsglobal and the user name is
globaladmin)

Adding an extra scan engine

Add extra scan engines to your network to fit your organization's needs. Extra scan engines are part
of the suggested Distributed Server architecture.
You can install the scan engine and scan controller on a system running Microsoft Windows Server
2003, but there are limitations. See Microsoft Windows Server 2003 support (page 16). During
installation, after accepting the end user license agreement, you have to option to install the scan
controller and scan engine. All other McAfee Vulnerability Manager components must be installed on a
system running Microsoft Windows Server 2008 R2.
38

Click Next. The End User License Agreement page appears.
Select I accept the terms of this license agreement. Click Next. The Select Installation
Type page appears.
Select Advanced. Click Next.
Under Architecture, select Custom. Click Next.
Select Scan Engine. Make sure all other McAfee Vulnerability Manager components are
deselected. Click Next.
Review the system checks and make sure all dependencies have passed. If any dependencies
have failed, exit the installation, correct the dependency, then restart the installation process.
Click Next.
Type the IP address of the server hosting the configuration manager. If you want to change the
port number for configuration manager, type the port number in the port field. Click Next.
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page 43)
for more details about each setting. Click Next.
10 When the installation process is complete, click Finish.
Installing using the custom installation type

Customize your installation by installing individual components on a server.
1
Click Next. The end user license agreement appears.
Select Accept, then click Next. The Select Installation Type page appears.
Select Advanced, then click Next. The Select Environment page is displayed.
Select Custom/Upgrade for the Architecture type.

For descriptions about each McAfee Vulnerability Manager component, see Select Components (see
"Select components for custom installation" on page 40).
Click Next. The System Checks page appears.
The installation program runs a system check to ensure that all dependencies (critical and noncritical) are met. If any of the dependency checks fails, you must resolve the issue before you can
install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the
Click Next.
The Architecture and System you selected to install determines what information you must create
or provide. See the Component information needed (page 41) table when installing individual
components.
Type McAfee Vulnerability Manager information and click Next until the Installation Settings
page appears.
Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page
43) for more details about each setting.
39

10 Click Install. The McAfee Vulnerability Manager components are installed.

required.
McAfee Vulnerability Manager sends updates to some components after the installation process is
shortly after the installation is complete. If there are a large number of scan engines or there is low
Vulnerability Manager is not functioning properly right after an installation, the update process might
not be complete.
Note: If your organization generates a high volume of reports, it is recommended that you install
your report engine and your database onto separate servers. See Running a large number of reports
(see "Performance issues when running a large number of reports" on page 77).
Select components for custom installation

This dialog box lets you select McAfee Vulnerability Manager component(s) to install on the current
server.
Figure 6: Select Components
Enterprise manager components

Component
Description
Database
Stores information including organization settings,

user account information, scan configurations, and
scan results.
40

Enterprise
manager
Provides web-interface to control scans, view

reports, and manage McAfee Vulnerability Manager
through your intranet.
Note: IIS must be installed and World Wide Web
Publishing Service must be running on the server for
the enterprise manager component to be available.
Notification
service
Adds Simple Network Management Protocol

(SNMP) integration for remediation tickets and
provides email support.
Configuration
manager
Provides a centralized, uniform way to patch,

update, configure, monitor, and otherwise manage
an entire McAfee Vulnerability Manager
deployment.
Report engine
Generates both scan-based reports and assetbased reports.
Data
synchronization
service
Gathers information from McAfee ePolicy

Orchestrator, LDAP, or other McAfee Vulnerability
Manager databases and provides it to McAfee
Vulnerability Manager for host and OS
identification.
API server
Provides the communication between the

enterprise manager and the database.
Scan controller
Provides the communication between the scan

engine and the database.
Scan engine
The scan engine scans the network.
Component information needed for custom installation

While McAfee Vulnerability Manager provides predefined configurations to meet most needs, some
organizations require some custom configurations. McAfee Vulnerability Manager allows you to select
which components to install. The following table lists the information needed when installing each
component by itself.
Information needed when installing components

Component
Information needed
Scan Engine
Configuration Manager IP address/host name and

port number
Scan Controller

port number
41

Database

port number
database
You must create:
Enterprise
Manager

Global Administrator password

port number
API Server IP address/host name and port number
Report Engine IP address/host name and port
number
You must decide:

user interface

interface.
Notification
Service

port number
Configuration
Manager

Report Engine

port number
Data
synchronization
API server

port number
port number
42

Installation setting descriptions

Before McAfee Vulnerability Manager starts installing components onto the server, the installer allows
you to review installation settings and make any changes necessary. The table below lists the
installation settings and provides a brief description of what the setting does.
Option
Description
Enterprise
Manager
The IP address, NetBIOS name, or DNS name

for the enterprise manager.
API Server

for the API server.
API Server Port
The port number used to communicate with the

API server. The default port number is 3800.
Allow
Global/Org
Admin
Switching
Allow Root Organization Administrators to switch

to the Global Administrator user interface in the
enterprise manager.
Report Server

for the report engine.
Report Server
Port

report engine. The default port number is 3802.
Scan Controller
Port

scan controller. The default port number is 3803.
Engine Scan
Controller
Allow the configuration manager to automatically

assign a scan engine to a scan controller. This is
enabled by default.
Synchronize
"Assigned to a
User"
remediation
tickets
A one-time synchronization between the McAfee

Vulnerability Manager Remediation system and
your external change management system for
tickets in the "Assigned to a User" state.
Synchronize
"Unassigned"
remediation
tickets
A one-time synchronization between the McAfee

Vulnerability Manager Remediation system and
your external change management system for
tickets in the "Unassigned" state.
Method of
Notification
The choices are SNMP, Email, or Both.

Requires proper configuration of the SNMP
and/or Email Notifications. The Global
Administrator must log on to the enterprise
manager and select Manage | Notifications.
43

Database Server The host name of your database server.

Note: If you changed the Instance Name when
installing SQL Server, you must add the Instance
Name for McAfee Vulnerability Manager to
function properly. See Changing the SQL Instance
Name (page 47).
Faultline
Password
The password to the Faultline database. The

password is encrypted. The maximum password
length is 128 characters.
Database
Installation
Type
Select to install a new McAfee Vulnerability

Manager database or upgrade an existing
McAfee Vulnerability Manager database.
Force protocol
encryption on
DB server
Select this checkbox only to accept encrypted

traffic to the database. If you are installing a
new, fresh database and are only using the
database for McAfee Vulnerability Manager 7.5,
McAfee recommends turning this on to protect
the data between the scan controller and the
database.
Use DNS name

to identify
assets
Select this checkbox to have McAfee

Vulnerability Manager use the DNS name to help
identify your assets. DNS names generally do
not change, so they can be used as unique
identifiers for your assets.
If DNS names change in your environment, do
not select this option.
Create New
Organization
Name
The name of the organization to be created

when McAfee Vulnerability Manager is installed.
New
Organization
Administrator
Password
The password of the Root Organization

Administrator to be created when McAfee
Vulnerability Manager is installed.
Set Global
Admin
Password
The password of the Global Administrator to be

created when McAfee Vulnerability Manager is
installed.
Program
Location
The installation path for the McAfee Vulnerability

Manager product.
Reports
Location
The folder location where your reports are

saved.
Configuration
Manager Server

for the configuration manager.
Configuration
Manager Port
The port number used to communicate with your

configuration manager server. The default port
number is 3801.
44

Login information
The Global Administrator and the Organization Administrator (for the organization you created when
installing the product) have some predefined login information.
Global Administrator:
Organization name: fsglobal
User name: globaladmin

Organization Administrator (for the organization you created during installation):
User name: Administrator
Hiding a Microsoft SQL Server 2005 instance

If you are required to remove the TCP information regarding database instances in Microsoft SQL
Server 2005, use the following steps before you install McAfee Vulnerability Manager.
Note: This solution changes the TCP listening port of Microsoft SQL server to 2433. Applications that
require SQL connections and/or access control lists might need to be reconfigured.
1
Select Start | All Programs | Microsoft SQL Server 2005 | Configuration Tools | SQL
Server Configuration Manager.
Select an Instance to hide.
Select TCP/IP under Enabled Protocols.
Select Properties. The TCP/IP properties dialog box is displayed.
Select Hide Server.
Click OK. The TCP/IP properties dialog box closes.
Click OK. The Server Network Utility closes.
Restart the system.
Run McAfee Vulnerability Manager setup.
10 When prompted for the database server name, use the format server, 2433. If you are
upgrading McAfee Vulnerability Manager, on the Installation Settings step, double-click the
Database Server.
Figure 7: Installation settings
45

Hiding a Microsoft SQL Server 2008 instance

If you are required to remove the TCP information regarding database instances in Microsoft SQL
Server 2008, use the following steps before you install McAfee Vulnerability Manager.
Note: This solution changes the TCP listening port of Microsoft SQL server to 2433. Applications that
require SQL connections and/or access control lists might need to be reconfigured.
1
Server Configuration Manager.
Select SQL Server Network Configuration.
Right-click an instance and select Properties.
Select Hide.
Select Yes from the drop-down list.
Click OK. A message states that the service must be stopped and restarted.
Click OK.
Restart the system.
Run McAfee Vulnerability Manager setup.
10 When prompted for the database server name, use the format server, 2433. If you are
upgrading McAfee Vulnerability Manager, on the Installation Settings step, double-click the
Database Server.
Figure 8: Installation settings
46

Changing the SQL instance name

If you change the instance name when installing SQL Server, there are some extra configuration steps
you must do to ensure that McAfee Vulnerability Manager functions properly.
Note: If you installed SQL Server and accepted the Default Instance Name, you do not have to do
these steps.
McAfee Vulnerability Manager components

When installing McAfee Vulnerability Manager components that communicate with the database, you
must modify the Database server setting during the installation process of the McAfee Vulnerability
Manager component. On the Installation Settings step, modify the database server settings.
Figure 9: Selecting the database

1
Double-click Database Server.
Click Modify.
Type the host name or IP address, type a backslash and type the instance name
For example: ORCHID\Accounting or xxx.xxx.xxx.xxx\Accounting
To add a port number, type a comma and the port number.
For example: ORCHID\Accounting,1533 or xxx.xxx.xxx.xxx\Accounting,1533
47

Note: Although <Server Name>,<port> is a valid SQL Server reference when using a named
instance, this is not a valid reference for McAfee Vulnerability Manager. The instance name must
be included for McAfee Vulnerability Manager to function properly.
Figure 10: Modifying the database connection information

4
Type and confirm a user password
Click Next
Finish the installation process
The configuration manager might not accurately report the state of the SQL Server, or might fail to
control (start, stop) the service correctly. See McAfee KnowledgeBase article KB 54440 for information
on resolving this problem.
48
Uninstalling McAfee Vulnerability Manager

Uninstalling a previous version of McAfee Vulnerability Manager
Uninstalling McAfee Vulnerability

Manager
Whether you are uninstalling McAfee Vulnerability Manager 7.5 or a previous version, these steps
show how to ensure that the product is removed. This is particularly useful when you want to run a
"clean" installation, ensuring that settings from previous versions do not interfere.
Note: The migration process retains any modifications you have made to the php.ini or config.ini
settings on the enterprise manager, even though it creates a backup copy. See "Merging the
config.ini and php.ini files" (see "Merging the config.ini and php.ini files" on page 74) for more
information.
Uninstalling a previous version of McAfee Vulnerability

Manager
You do not need to uninstall a previous version before installing McAfee Vulnerability Manager 7.5.
1
On each server running a McAfee Vulnerability Manager component, go to the Windows Control
Panel and open Add/Remove Programs.
Select the version of McAfee Vulnerability Manager you want to remove and click Remove.
If any files are in use while being uninstalled, the program opens the Services window so you can
stop any product services still running, then the uninstall completes.
Caution: Do not delete the registry settings on any scan engine without having a good backup of the
McAfee Vulnerability Manager registry settings. Doing so can cause database objects to become
orphaned because the registry contains a unique identifier that ties the scan engine to the data.
If you must delete the registry settings for any reason, contact customer support for help on restoring
the database to the proper scan engine.
McAfee Vulnerability Manager 7.5 depends upon the following registry keys from previous versions.
For Windows 2003:
HKEY_CURRENT_USER\SOFTWARE\Foundstone
HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone
For Windows 2008 R2:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone
49
Uninstalling McAfee Vulnerability Manager

Do NOT remove registry keys
Do NOT remove registry keys

Caution: Do not delete the registry settings on any scan engine without backing up the settings.
Deleting McAfee Vulnerability Manager registry settings cause database objects to become orphaned
because the registry contains a unique identifier that link the scan engine to the data.
If you must delete the registry settings for any reason, contact customer support for help on restoring
the database to the proper scan engine.
McAfee Vulnerability Manager 7.5 looks for the following registry keys from previous versions.
For Windows 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone
For Windows 2008 R2:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone
50
Configuring Your Servers

McAfee Vulnerability Manager Update

After McAfee Vulnerability Manager is installed, configure your servers to prepare them for use.

McAfee Vulnerability Manager Update lets you manually or automatically update McAfee Vulnerability
Manager 7.5 with new program updates and vulnerability checks from McAfee. Update runs on the
scan controller server. Running unattended, it automatically checks the McAfee update server for new
information, downloads it, and updates the database.
Note: If you are running more than one scan controller, only one needs to run McAfee Vulnerability
Manager Update. The other scan controllers automatically detect updates in the database and
retrieves the appropriate information.
The latest information can include the following:
FSL scripts, templates and vulnerability checks

Threat Intelligence updates
Operating System fingerprints and identifiers
McAfee Vulnerability Manager 7.5 program updates
Language Pack updates
McAfee standard SCAP updates
Before you begin
If the scan controller is running on a different server than the database, you must install SQL
Client Tools on the server to allow McAfee Vulnerability Manager Update to pass the information to
the database.
Procedures
McAfee Vulnerability Manager Update lets you do the following tasks:
Set up automatic updates

Manually check for updates
Type your McAfee Vulnerability Manager user name and password
51

Set up a proxy server (see "Adding proxy information for connecting to the update server" on
page 54)
Figure 11: McAfee Vulnerability Manager Update program - showing options
McAfee Vulnerability Manager update settings

Option
Description
Check for Updates
Click to connect to the update server and search for

the latest updates. If an update is found, it
automatically downloads and installs itself.
License Usage
Shows the number of live IP addresses you have

scanned.
Licensed For
Shows the number of IP addresses you are allowed to

scan, according to your license.
Options
Click to open the update program options.
Username
Type the user name that McAfee sent you. This is the
user name you used to access the McAfee download
files.
Password
Type the password associated with the McAfee user

name.
52

Option
Description
Proxy server
requires
authentication
If you use a proxy server to access the update

server, select this checkbox. Otherwise leave this box
unchecked.
Username (proxy)
If you use a proxy server to access the update

server, type the user name for the proxy server.
Password (proxy)
Type the password for the proxy server.
Use secure
connection
Select this option to connect to the update server

over a secure connection.
Digital Security
Mode
Select an option for validating the update content

files.
Automatic McAfee Vulnerability Manager checks
that the downloaded update package has been signed
with the appropriate certificate. If the certificate is
valid, the update is executed.
Interactive You are prompted to validate the
publisher and select to Run or Don't Run the update
package.
Disabled McAfee Vulnerability Manager doesn't
validate that the update package has the appropriate
certificate. Selecting this option displays a warning
message that this option is not recommended.
Selected item will

be checked for
updates every x
day(s) x hour(s)
Type the number of days and hours to wait before the

next update check.
Setting up McAfee Vulnerability Manager Update

McAfee Vulnerability Manager Update uses secure HTTPS communication (TCP port 443) to download
new updates from McAfee. The first time you run it, you are prompted to type your user name and
password to connect to the McAfee Vulnerability Manager update server. (This is the user name
provided by McAfee.)
Once you have typed the user name and password, select the items you want to download. You can
specify the amount of time that should pass before McAfee Vulnerability Manager Update checks
again. Once this is set, the update program automatically checks for downloads according to the
specified time. You must leave the update program running to allow automatic updates.
The first time you run the update program, you need to type your user name and password to
connect to the McAfee Vulnerability Manager update server. Once you've typed this information, the
update program uses it to automatically check for updates.
53

On the scan controller, select Start | All Programs | Foundstone | Update McAfee
Click Options.
Type the user name and password you received from McAfee.
Click Check for Updates.
Watch the status area for update information.

If the status window shows that the update failed, make sure that you have properly entered your
user name and password. McAfee requires the proper authentication to the update server before
you can download any updates.
To automatically check for updates, select the checkbox each package to update.
Type the number of hours to wait between update checks.
Leave the McAfee Vulnerability Manager Update program running. If you decide to exit, the
program warns you that it must continue running if you want to automatically check for McAfee
updates.
Select Proxy server requires authentication if updates are accessed using a proxy server.
10 Type the user name and password required to authenticate to your proxy server.
Adding proxy information for connecting to the update server

McAfee Vulnerability Manager Update reads the settings from Microsoft Internet Explorer to obtain the
proxy web address and port to be used.
1
Open Microsoft Internet Explorer.
Select Tools | Options.
Click the Connections tab.
Click LAN Settings.
In the Local Area Network (LAN) Settings dialog box, select Use a proxy server for your
LAN....
Type the address and port settings.
Click OK.
Running McAfee Vulnerability Manager Update as a service

You can run McAfee Vulnerability Manager Update as a native Win32 service. The default installation
of the scan controller configures the McAfee Vulnerability Manager Update service parameters but
does not enable it to run automatically.
Note: If you have previously enabled FSUpdate to run via the Start menu Startup folder, remove it
from the folder to prevent running more than one copy of FSUpdate.
1
Select Start | Administrative Tools | Services.
Double-click Foundstone Update Service Proxy.
Under Service Status, click Start. If the service is disabled, change the Startup type to
Manual, then click Apply.
To automatically start the update service, change the Startup type to Automatic, then click
Apply.
To see the update user interface when it is running, click the Log On tab.
Select Local System Account and select Allow service to interact with desktop.
Click OK.
54

Troubleshooting the McAfee Vulnerability Manager Update service

Certain settings or circumstances can prevent the McAfee Vulnerability Manager Update service from
running properly. When you install McAfee Vulnerability Manager, the FSUpdate service is configured
automatically. If the settings have been altered manually or the service was not installed by the
product installer, you can reinstall any scan controller to reinstall the McAfee Vulnerability Manager
Update service.
Verifying that the correct service is being started

Use the following task to make sure that the correct service is being started.
1
If the service is currently running, stop it from the services control panel. To do this, select Start
| Settings | Control Panel, double-click Administrative Tools, then double-click Services.
(You can also right-click My Computer and select Manage from the shortcut menu.) Locate
Foundstone Update Service proxy and click Stop.
Locate the FSUpdateService.exe file and launch it. A small window appears at the bottom right
of the screen.
Ensure that the edit field labeled Command line to start the application is pointing to the
correct location of the FSUpdate.exe program.
Ensure that the parameter to this path is "-service" (for example, C:\Program
Files\Foundstone\FSupdate.exe -service).
Click Apply (if needed) and close the application.
Reinstalling the FSUpdate Service

Use the following task to reinstall the update service.
1
On the scan controller server, locate the FSUpdateService.exe program (usually c:\Program
Files\Foundstone).
Open a command prompt window; select Start | Run and type cmd.
Navigate to the directory containing the FSUpdateService.exe program and type:

FSUpdateService -install. The file is stored in the installation directory (usually c:\program
files\Foundstone).
This procedure does not show anything on the computer screen. Once you run it, the program silently
reinstalls the service.
Note: If the FSUpdateService install process shows an error that the service is already installed,
disregard the error.
Verifying that the local account is running the service

Ensure that the Foundstone Update Service proxy Log on as checkbox is set to Local System
account.
1
Select Start | Run.
Type services.msc, then click OK.
Double-click Foundstone Update Service Proxy and click the Log On tab.
Make sure that the Local system account is selected.
Make sure that Allow service to interact with desktop is selected.
Click OK.
Note: The FSUpdate icon might not always appear in the system tray area, but the process can still
be running.
55

Register McAfee Vulnerability Manager 7.5
Register McAfee Vulnerability Manager 7.5

McAfee Vulnerability Manager 7.5 comes with a trial license so you can try the full product for 60 days
within your enterprise (unlimited IP range). After the trial period, you must register McAfee
Vulnerability Manager 7.5 to continue using it.
Note: You must send the registration request from the computer that runs the API server.
Sending a registration request to McAfee

Before you can activate McAfee Vulnerability Manager, you must send a registration request to
McAfee. Your activation information is sent to you in an email.
1
Select Start | All Programs | Foundstone | Register McAfee Vulnerability Manager.
In the registration program, select a network card to bind to the registration.

The network cards are listed in a drop-down box at the bottom of the McAfee Registration Key
group.
Figure 12: McAfee Vulnerability Manager Registration

3
Click Generate to create a unique registration key. The key appears in the text box.
If a key already exists in the textbox, click Clear to remove it before clicking Generate.
Click Website to open a browser and connect to the Foundstone Registration Website.
Type your registration information and click Submit Registration.
Organization - Type your organization or company name.
Grant Number - Type your grant number.
Contact Person - Type your own name, or the name of the person responsible for contacting
McAfee regarding the product.
Telephone - Type the contacts phone number.

56

Enable notifications
Your Email - Type the contacts email address.

Salesperson - Type the name of the McAfee Vulnerability Manager Sales Representative that
you normally work with.
Computer Name - Type the NetBIOS name of the computer running the product.
Product Type - Select Foundstone Enterprise Evaluation if you are evaluating McAfee
Vulnerability Manager 7.5. Select Foundstone Enterprise License if you have purchased
McAfee Vulnerability Manager 7.5.
Request Hash - Do not change this information. It is the key that was generated on your
computer.
Address Pool - Type the IP addresses you are allowed to scan. Your license is bound to these
ranges.
Notes - Type any notes that you need to send with your request.
Activate McAfee Vulnerability Manager 7.5

Before you can use McAfee Vulnerability Manager, you must activate the product with your activation
key, which you received via email.
1
Select Start | All Programs | McAfee Vulnerability Manager | Register FoundScan.
Type the activation key (unlock code) you received.
Click Register Now to complete the registration process.

If you have any questions or problems with this process, contact McAfee Technical Support.
The McAfee Vulnerability Manager Notification Service adds SNMP and email integration for ticketing
and scan related events, as well as system status, such as FCM updates available. Tickets are used to
manage and track vulnerabilities in systems within your corporate network. The ticketing system is
available through the enterprise manager and is integrated with other functions of the system, for
example, asset management.
Enabling SNMP notifications

Use the SNMP Settings section of the Notification Settings page to specify the SNMP manager and
agent.
Figure 13: Notification settings SNMP settings
57

Log on to the enterprise manager as a Global Administrator.
Select Manage | Notifications.
Select Enable SNMP Notifications to enable SNMP notifications.
Complete the remaining information, specifying the SNMP version, and incoming and outgoing
SNMP settings.
SNMP general settings

Option
Description
SNMP Version
Select 1 or 2c from the SNMP version list.
Community
String
Type the SNMP community string.
Throttle
Select the maximum number of messages per second

from the Throttle list.
Incoming SNMP settings

Option
Description
Address
Type the listening IP address, fully qualified domain

name, or host name of the SNMP agent that is to
receive incoming SNMP messages from an external
SNMP manager.
Port
Type the listening port number.
Senders List
Type the names of authorized senders of SNMP

messages. For example, you might want to type the
name of the outgoing SNMP management node here, so
that the McAfee Vulnerability Manager Notification
Service listens to messages sent by that SNMP
management node.
If you do not type a name in this field, no messages are
processed by the McAfee Vulnerability Manager
Notification Service.
Add
Click this button to add the name in the Senders List.
Remove
Select a name from the Senders List and click this

button to remove the name from the list.
Allow Verify
Vulnerability
Select if you want McAfee Vulnerability Manager to

respond to SNMP trap messages requesting verification
of a vulnerability.
Outgoing SNMP settings

Option
Description
Address
Type the IP address, fully qualified domain name, or

host name of the SNMP management node McAfee
Vulnerability Manager sends SNMP messages to.
Port
Type the port number of the SNMP management node.
58

Enabling email notifications

Use the Email Settings section of the Notification Settings page to specify the email server settings.
Note: If you have McAfee VirusScan Enterprise On-Access Scanner enabled, the McAfee Vulnerability
Manager Notification service fails to connect to your email server. To receive email notifications,
exclude the Notification service from VirusScan Enterprise. See Using McAfee VirusScan Enterprise
8.0i and later (on page 80).
Figure 14: Notification Settings Email Settings

1
Log on to the enterprise manager as a Global Administrator.
Select Manage | Notifications.
Select Enable Email Notifications to enable email notifications.
Complete the remaining information, specifying the email server address, and the email addresses
of the sender/recipient.
Note: Email notifications for updates applied via the McAfee Vulnerability Manager Configuration
Manager are sent to the address listed for McAfee Vulnerability Manager Operations. If you
have enabled email notifications in the configuration manager Preferences, be sure to include an
email address in the McAfee Vulnerability Manager Operations field.
Email server
Option
Description
Address
Type the address of the mail server. Use either the IP

address, fully qualified domain name, or host name of
the server (up to a maximum of 256 characters).
Port
Type the port number of the mail server to which

notification messages are to be sent.
59

Option
Description
Server Requires
Authentication
Select this checkbox to log on to the mail server with a

user name and password.
Username
Type the user name required to log onto the mail

server. The user name can be up to 64 characters long.
Password
Type the password associated with this user name. The

password can be up to 128 characters long.
Email messages
Option
Description
Header Message
Optional. Type your organization security banner here.

While McAfee Vulnerability Manager 7.5 controls the
bodies of these messages, you can configure an
opening statement as needed. For example, you could
include internal contact information or policy notices.
The maximum number of characters allowed is 256.
The email header message can include alphanumeric
characters plus underscores, periods, parentheses,
hyphens, spaces, commas, slashes (/), and colons.
Footer Message
Optional. While McAfee Vulnerability Manager 7.5

controls the bodies of these messages, you can
configure a closing statement as needed. For example,
you could include internal contact information or policy
notices.
The maximum number of characters allowed is 256.
The email footer message can include alphanumeric
characters plus underscores, periods, parentheses,
hyphens, spaces, commas, slashes (/), and colons.
Event and Address Settings

The following settings apply to each notification type: Ticket Integration, McAfee Vulnerability
Manager Operation, User Remediation, and User Scan Status.
Option
Description
From Name
Type the name of the sender. This is the person or

organization that the email appears to be coming from.
Use up to 64 characters.
From Address
Type the email address of the person or organization

sending the email. If the recipient replies, the reply is
sent to this email address. Use up to 256 characters
using a proper format (for example,
first.last@yourcompany.com).
To Name
Type the name of the person or organization receiving

the notification email for this type. Use up to 64
characters.
60

Add the enterprise manager trust site certificate
To Address
Type the email address of the recipient that is to

receive event notifications. Use up to 256 characters
using a proper format (for example,
first.last@yourcompany.com).
Hardening your servers

McAfee recommends that you take security measures to harden the systems running McAfee
Vulnerability Manager 7.5. Follow your company hardening policies. McAfee Vulnerability Manager also
provides a Hardening Guide, available from McAfee Technical Support. Here are some suggestions that
can help secure your servers.
Update your servers with the latest patches

Prior to hardening an IIS server, verify that the latest security fixes and patches have been installed
on the IIS server. This can be verified by running Hfnetchk.exe. Download it from Shavlik Security
products.
Microsoft also provides security updates and patches, although its coverage is not the same as
Hfnetchek's. Microsoft has provided the Windows Critical Update Notification Utility to ensure
that critical updates are announced. The instructions for installing this tool are located on the
Microsoft website.
Qchain chains hot-fixes together to allow several fixes to be installed at once, reducing the number of
system restarts required. More information is available from Microsoft.
Setting up SSL
McAfee Vulnerability Manager 7.5 installs and uses default SSL Certificates to communicate between
its servers. The installation program creates the certificates and installs them. However, canned
certificates are vulnerable to spoofing, which could allow someone to see the information as it is sent
between servers.
To increase the security, and to add authentication to the SSL Certificates, you must set up
customized SSL Certificates. The necessity of using customized SSL Certificates varies widely from
company to company.
If you decide to use customized SSL Certificates, McAfee Vulnerability Manager provides the McAfee
Vulnerability Manager Configuration Manager, a separate program that you can use to create custom
SSL certificates (this tool also manages updates to the McAfee Vulnerability Manager components).
For more information, refer to the configuration manager online help or the product guide.

A certificate error occurs when using Internet Explorer 8.0 or 9.0. This results in Internet Explorer
blocking the enterprise manager. Adding the enterprise manager to the trusted sites list does not
resolve this issue.
To add the enterprise manager certificate to Microsoft Internet Explorer 8.0 or 9.0, review the
following requirements.
61

The portal address in the CONFIG.INI file must match the FQDN, NetBIOS, or IP address used in
the SSL certificate for the enterprise manager. See Check the server_name in the CONFIG.INI file
(page 62).
.Net 2.0 or 3.0 must be installed on each user system accessing the enterprise manager.
Use the Installing the McAfee Vulnerability Manager Trust Site certificate (page 62) task on each user
system accessing the enterprise manager.
Check the server_name in the CONFIG.INI file

Use this task to ensure the server_name in the CONFIG.INI file matches the FQDN, NetBIOS name, or
IP address used in the SSL certificate.
1
Open configuration manager.
Expand the Foundstone SSL Certificates and select the SSL certificate issued to the enterprise
manager.
Example: myhost.domain.com.
In the Subject information, under Certificate Summary, find the FQDN, NetBIOS, or IP address.
This is the information after CN=.
On the server running the enterprise manager, open the CONFIG.INI file.
The default location in Microsoft Windows 2003 is: C:\Program Files\Foundstone\Portal\include.
The default location in Microsoft Windows 2008 R2 is: C:\Program Files
(x86)\Foundstone\Portal\include.
Make sure the server_name matches the FQDN, NetBIOS name, or IP address used in the SSL
certificate.
Save the CONFIG.INI file.
Installing the McAfee Vulnerability Manager Trust Site Certificate

McAfee Vulnerability Manager allows you to install a product-specific Trust Certificate.
1
Double-click the Enterprise Manager icon. The McAfee Vulnerability Manager logon page
appears.
Note: If necessary, add the enterprise manager to the Trusted Sites list.
Click Trust Site Certificate. A warning message appears.
Click Yes. An import successful message appears when the certificate import is completed.
Click Quit.
Close Microsoft Internet Explorer.
Double-click the Enterprise Manager icon.
62
Upgrading to McAfee Vulnerability Manager 7.5

Upgrading to McAfee Vulnerability

Manager 7.5
This product supports upgrading from McAfee Vulnerability Manager version 6.8 or 7.0 to McAfee
Vulnerability Manager 7.5.
If you are upgrading a system that meets the system requirements (see "System Requirements and
Architectures" on page 9), you can upgrade directly to McAfee Vulnerability Manager 7.5. If you need
to upgrade your operating system or your SQL server, you must take additional steps, including
backing up your McAfee Vulnerability Manager database.
Caution: Backing up your database is recommended before doing any upgrades.
Note: McAfee Vulnerability Manager components require an internet protocol version 4 (IPv4)
If you are upgrading the operating system and the database, you need to do the following:
1
Back up your existing database (Faultline).
Back up your McAfee Vulnerability Manager Windows Registry settings.
Upgrade the Windows operating system.
Upgrade the Microsoft SQL database.
Restore the McAfee Vulnerability Manager Windows Registry settings.
Restore the database (Faultline).
Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability
Manager content is up-to-date.
Upgrade to McAfee Vulnerability Manager 7.5.
Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
content is up-to-date.
10 Users should clear their web browser cache to ensure updated pages display properly.
If you are upgrading the operating system on the server running the database to Microsoft Windows
Server 2008 R2, you need to do the following:
1
If necessary, restore the database (Faultline).
Users should clear their web browser cache to ensure updated pages display properly.
63

If you are upgrading the database only (not the OS), you need to do the following:
1
Upgrade the Microsoft SQL database.
Restore the database (Faultline).
If you attached your database to a server that does not have McAfee Vulnerability Manager installed:
1
Run the McAfee Vulnerability Manager installer.
Select the McAfee Vulnerability Manager components you want to install on the server.
On the McAfee Vulnerability Manager - Installation Settings page, double-click Database

installation type = Create New.
Select Upgrade an existing database, then click Next.

The McAfee Vulnerability Manager 7.5 installation program might not recognize the attached
database because McAfee Vulnerability Manager has not been installed on this server.
Continue with the upgrade installation.
If you moved your database to a different server, when you upgrade the server that formerly hosted
your database:
1
Run the McAfee Vulnerability Manager installer.
Select the McAfee Vulnerability Manager components you want to install on the server.
On the McAfee Vulnerability Manager - Installation Settings page, double-click Database

server = server_name.
Type the host name or IP address of the server hosting the database.
Type the McAfee Vulnerability Manager user password and then click Next.
Continue with the upgrade installation.
If you are upgrading the enterprise manager or a scan engine to Microsoft Windows Server 2008 R2,
you need to do the following:
Note: If the database is installed with any other McAfee Vulnerability Manager component, you must
follow the steps for upgrading the database.
1
64

Back up the SQL server database using SQL Server Management Studio
Back up the SQL server database using SQL Server

Management Studio
Before performing an upgrade, create a backup of your McAfee Vulnerability Manager database in
case you need to restore it after the upgrade.
1
Open SQL Server Management Studio. To do this, select Start | All Programs | Microsoft SQL
Server | SQL Server Management Studio.
Connect to the server by providing the proper authentication.
Expand the Databases in the Object Explorer.
Right-click the Faultline database and select All Tasks | Backup Database from the shortcut
menu.
Figure 15: SQL Enterprise Manager Getting to the Backup menu

5
In the Back Up Database dialog box, the backup destination is entered automatically.
To add a different location, click Add to specify where to create the backup file.
65

Backing up the Windows registry
Optionally, in the Back up Database dialog box, select Options and select Verify Backup on
finished to have SQL ensure that the backup is correct.
On the Back up Database dialog, click OK to begin the backup process.

A message appears when the backup is complete.
Figure 16: SQL Backup - complete
Backing up the Windows registry

1
Open the Windows Registry. To do this, select Start | Run. Type regedit as the name of the
program to run, and click OK.
Back up the registry keys, from the following locations in Microsoft Windows Server 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\FOUNDSTONE\, and
HKEY_CURRENT_USER\SOFTWARE\FOUNDSTONE.
Back up the registry keys, from the following locations in Microsoft Windows Server 2008 R2:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FOUNDSTONE\, and
HKEY_CURRENT_USER\SOFTWARE\FOUNDSTONE.
66

Upgrading Microsoft SQL Server 2000
Select File | Export.
Type a file name for the registry backup file, and select the folder where you want to save it.
Click OK.
Upgrading Microsoft SQL Server 2000

Caution: Before you can upgrade Microsoft SQL Server 2000, you must remove the existing registry
values for SQL certificates or you cannot install the database.
Modifying registry values

1
Open the Registry Editor.

The registry location of the SQL Server (for a default instance) is:
HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib.
Note: For a named instance of the SQL Server, the values are under the key:
HKLM\Software\Microsoft\Microsoft SQL
Server\INSTANCENAME\MSSQLServer\SuperSocketNetLib.
Right-click Certificate and select Rename.
Rename Certificate to Certificate_.
Right-click Encrypt and select Rename.
Rename Encrypt to Encrypt_.
Close the Registry Editor.
Install Microsoft SQL 2005 or Microsoft SQL 2008 R2. A system restart might be required after
installation.
Install the latest service pack for Microsoft SQL Server. If necessary, restart the server.
Install McAfee Vulnerability Manager 7.5. Once the McAfee Vulnerability Manager 7.5 installation is
complete, you must restart the system.
10 After the system restarts, McAfee Vulnerability Manager 7.5 prompts you for database logon
information. Just close this dialog box.
Note: After McAfee Vulnerability Manager 7.5 is installed and running, you should redistribute
the certificates to turn encryption on for communication between the database and the scan
engine.
Redistributing certificates
1
Open configuration manager console.
Select Tools | Recreate Certificate Authority.
Change the name of the CA.
Select Recreate Certificate Authority.
Once the certificates are distributed to the database, encryption is enabled. You can now start the
scan controller(s) without being prompted for any database information.
Changing the compatibility level of an upgraded SQL Server 2000 database

After upgrading SQL Server 2000, you must change the database compatibility level.
67

Select Start | All Programs | Microsoft SQL Server | SQL Server Management Studio.
Connect to the appropriate Database Engine server in the Object Explorer.
Open the Database node.
Right-click on the database.

The default name is Faultline.
Select Properties.
Select Options under Select a Page.
Select SQL Server 2005(90) from the Compatibility Level list for Microsoft SQL 2005.
Select SQL Server 2008(100) from the Compatibility Level list for Microsoft SQL 2008.
Click OK.

If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2005, go to Upgrading
Microsoft SQL Server 2000 (page 67).
Note: During installation, the database name is not automatically added to the database field on the
Database Administrator page. You must type in the database name or the instance name.

Use the following settings to configure your SQL Server.
Installation Page
Setting
Components to
Install

development tools.
Instance Name

Service Account

end of setup.
68

Microsoft SQL server 2008 and 2008 R2 installation features
Authentication Mode

report engine.
Collation Settings
Error and Usage

Report Settings
Changing the Microsoft SQL memory settings

Change the memory settings for Microsoft SQL Server to optimize performance for McAfee
1
Right-click the server and select Properties.
Select Memory.
Change the Maximum Server Memory to two-thirds the maximum server memory.
Click OK.
Microsoft SQL server 2008 and 2008 R2 installation

features

69

Restoring the McAfee Vulnerability Manager database

Restoring the Windows registry

If you move or restore a McAfee Vulnerability Manager system, you must restore backed up product
registry settings. The McAfee Vulnerability Manager registry settings contain a unique identifier for the
scan engine.
1
Open the Windows Registry. To do this, select Start | Run. Type regedit as the name of the
program to run, and click OK.
Select File | Import.
Select the file that contains your McAfee Vulnerability Manager Windows Registry settings.
Click OK to restore registry settings.

If you move or restore a McAfee Vulnerability Manager system, you need to restore a database
backup. McAfee also recommends that you regularly test a database backup for integrity.
1
Stop all scan engines using the configuration manager. To do this, open configuration manager,
expand the McAfee Vulnerability Manager tree in the left pane, select a scan engine and click
Stop. You must do this for each scan engine.
Select Start | All Programs | Microsoft SQL Server | SQL Server Management Studio.
Right-click Databases, then select Restore Database.
In the Restore Database dialog box, type Faultline in the To database field.
70

Figure 17: SQL Server Back up

You do not have to use Faultline as the McAfee Vulnerability Manager database name. If you use a
database name other than Faultline, you must add a string to the
HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone\Foundscan registry key for Microsoft Windows 2003
or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone\Foundscan registry key for
Microsoft Windows 2008 R2. The string must be DBName with the value of the name created for
the McAfee Vulnerability Manager database.
If you use a database name other than Faultline, you should add the DBName registry key to any
system that runs one or more of the following McAfee Vulnerability Manager applications or
services:
Scan controller
API server
Report engine
6
Select From device, then click Select Devices.
In the Choose Restore Devices dialog box, click Add.
Type file name and location where the backup files are located, then click OK.
Click OK.
10 If necessary, on the Options tab, you can edit the rows in the Move to physical file name column
to specify the location and names of the physical files of the restored McAfee Vulnerability
Manager database.
71

Upgrading from a previous version
Figure 18: Restore database

If the database is version 6.0 through 6.8, you can also restore the database by using a T-SQL
script, which might reduce the manual work of changing the physical file locations. See "Restoring
the database using T-SQL" in the McAfee Vulnerability Manager Product Guide.
11 Click OK to begin restoring the database.
12 When the restoring process is complete, a message appears. Click OK to close the message.

Upgrade the database first, when possible. Some McAfee Vulnerability Manager components connect
to the database to complete the upgrade process. If you attached your database to a server that does
not have McAfee Vulnerability Manager installed and you want to upgrade your database, there are
some extra steps you must take to properly upgrade your database. See Upgrading to McAfee
Vulnerability Manager 7.5 (on page 63) for more information.
Tip: McAfee recommends that you back up the Faultline database (see "Back up the SQL server
database using SQL Server Management Studio" on page 65) on the computer running the SQL
Server database. It is also recommended that you back up the daily log files on your scan engine.
The log files are named by date and can be found in the Foundstone\Logs folder.
The process for upgrading your scan engines is different from other product components.
After upgrading, the configuration manager automatically updates your engines to McAfee
Vulnerability Manager 7.5. If you have a system running a scan engine and other McAfee
Vulnerability Manager components, when you upgrade this system, you must upgrade the scan
engine, even if the engine has already been updated by the configuration manager. Deselecting
the engine from the upgrade removes the engine and the scan controller from this system.
The McAfee Vulnerability Manager 7.5 installer automatically selects the API server component.
Only install the API server component on one scan engine. Deselect the API server component
when upgrading all other scan engines.
72

Note: When upgrading, multiple active sessions on the server can cause the upgrade to fail. You can
close all running McAfee Vulnerability Manager components using the Task Manager or you can
restart the server.

Use the following task to upgrade the database, enterprise manager, and API server (or primary scan
engine) to McAfee Vulnerability Manager 7.5.
1
Do not uninstall McAfee Vulnerability Manager.
Notify all users to log off the McAfee Vulnerability Manager system.
Note: If you want to change the password for the Faultline user, you must do it in the SQL
Server Management Studio.
On any McAfee Vulnerability Manager component, run the McAfee Vulnerability Manager 7.5
installation program. The installation program detects McAfee Vulnerability Manager components
already installed on the server. Review the list of selected McAfee Vulnerability Manager
components to upgrade or update the list, if necessary.
The installer terminates all product services before upgrading. If the installer cannot terminate
any of the product services, a message appears asking you to terminate the product service
manually. You must terminate any product services still running before continuing with the
installation.
Make sure that all of your scan engines are online.
On the system where you installed the configuration manager Server, start the configuration
manager Console.
Keep the configuration manager running long enough for all of your scan engines to connect to
the configuration manager server. When the engines have connected, exit the McAfee
Vulnerability Manager Configuration Manager.
On the computer running the database, start the McAfee Vulnerability Manager 7.5 installation
program to upgrade your database. By default, your database is upgraded to McAfee Vulnerability
Manager 7.5. If you want to install a new database, you must modify the Database installation
type on the Installation Settings step of the installation wizard.
On the enterprise manager web server, run the McAfee Vulnerability Manager 7.5 installation
program and install the enterprise manager.
10 On the computer on which you want to run the Notification Module, run the McAfee Vulnerability
Manager 7.5 installation program and install the Notification Module. The Notification Module does
not have to be installed on a system running a McAfee Vulnerability Manager component.
11 On systems that only have a scan engine installed, the scan engine is upgraded automatically by
the McAfee Vulnerability Manager Configuration Manager. Any system with a scan engine and
other McAfee Vulnerability Manager components installed, must be manually upgraded. Verify all
scan engines are upgraded by checking the version of each scan engine in the configuration
manager Console.
During an automatic upgrade, a scan controller is installed with each scan engine. During a
manual upgrade, the scan controller is selected when upgrading a system with a scan engine.
12 Upgrade all other McAfee Vulnerability Manager components.
13 Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5
Once you have upgraded the database and enterprise manager, and installed the Notification Module,
the upgrade process is completed.
McAfee Vulnerability Manager sends updates to some components after the upgrade process is
73

shortly after the upgrade is complete. If there are a large number of scan engines or there is low
Vulnerability Manager is not functioning properly right after an upgrade, the update process might not
be complete.
Upgrading an All-in-One system

Note: If you are using additional scan engines outside the All-in-One system, see the above
instructions under "Upgrading to McAfee Vulnerability Manager 7.5."
1
Notify all users to log off the McAfee Vulnerability Manager system.
Note: If you want to change the password for the Faultline user, you must do it in the SQL
Stop and cancel all scan jobs before exiting the API server.
Run the McAfee Vulnerability Manager 7.5 installation program, installing all components.
If SQL server is not running, start the database (see "Starting and stopping the SQL server
database" on page 74).
Merging the config.ini and php.ini files

During the upgrade process, your existing config.ini and php.ini files are renamed to config.fsorig and
php.fsorig.
If you made any changes to either .ini file, you must manually merge the changed sections into the
new config.ini and php.ini files.
1
Open both the new .ini file and the original (.fsorig) file in Notepad.
Copy the sections from the original file to the new one.
Save the file.
Starting and stopping the SQL server database

Sometimes it might be necessary to stop and restart the SQL Server service.
If you are unable to connect to the database even after entering the correct server name and
credentials, make sure the database is running.
Using the SQL database service
On the database server, you must open the SQL Server Management Studio to check the status of the
SQL server. The server icon in the System Tray has been removed for Microsoft SQL Server 2005 and
2008.
1
If the database icon shows a red square

shows a green triangle
, right-click the icon and click Start. When the icon
, the database is running.
If the database icon shows a green triangle

shows a red square
, right-click the icon and click Stop. When the icon
, the database has stopped.

74

Upgrading appliances
Rerunning scans
After upgrading McAfee Vulnerability Manager, some information for existing scans doesn't display
until the scan is run. This includes Scan Details information (new for McAfee Vulnerability Manager
7.5), and the Vulnerability by IP port information in reports.
Microsoft Windows Server 2003 upgrade support

If you are upgrading the operating system on a server that previously ran McAfee Vulnerability
Manager components other than the scan controller and scan engine, you must uninstall the previous
version before you can install McAfee Vulnerability Manager 7.5. You must install the other
components on a server running Microsoft Windows Server 2008 R2.
Note: Back up your database before you uninstall it.
If you are upgrading on a server that only ran the scan controller and scan engine, your McAfee
Vulnerability Manager information is retained and used for the upgrade. During the upgrade, some
McAfee Vulnerability Manager services must be stopped before the upgrade process can begin.
Upgrading appliances
If you have a McAfee Vulnerability Manager appliance with a previous version of the product, you can
upgrade your appliance to McAfee Vulnerability Manager 7.5.
The upgrade guidelines work with the MVM 2100 (scan controller and scan engine only), MVM 3000,
and MVM 3100.
75
Troubleshooting and Tips

Application Layer Gateway Message

This section includes some additional procedures and suggestions that can help you install McAfee
Finding the NetBIOS name

Use the hostname command to identify a system by its host name and domain name.
1
Select Start | Run.
Type CMD, then click OK.
Type host name and press Enter. The name of the host appears.
Creating strong passwords

Although many tools exist to guess or brute-force passwords, creating a good password still adds an
additional layer of security that helps deter potential attackers. Use each of the following elements in
your password to create a strong password:
Use
Use
Use
Use
Use
8 or more characters
lower-case characters (a-z)
upper-case characters (A-Z)
numeral characters (0-9)
non-alpha-numeric characters (`~!@#$%^&*()-_=+)
Note: McAfee Vulnerability Manager 7.5 requires passwords that are at least 8 characters long, has
at least three of the four remaining requirements (lower-case, upper-case, numeral, and non-alphanumeric), and does not contain the user name.
Application Layer Gateway Message

The install program might display the following message regarding the Application Layer Gateway:
The "Application Layer Gateway Service" is currently running on this system. There are known
issues with this service adversely affecting scan results. As such, it is highly recommended that
you stop this service prior to scanning.
This message appears under the following conditions:
All service pack requirements are met for Microsoft Windows XP or Microsoft Windows 2003
The update labeled "MS05-019" is not applied
The Application Layer Gateway Service is running
76

SQL settings
Stopping the Application Layer Gateway

1
Click Start | Administrative Tools | Services.
Click Application Layer Gateway Service.
Click Stop.
Performance issues when running a large number of

reports
If you plan on running a large number of reports, McAfee recommends installing the report engine on
a separate system from the database. Both the report engine and database can consume a lot of
resources, potentially causes a system to slow down. You can separate these components by doing a
custom installation for the report engine and doing a custom installation for the database on a
different system. See Custom Install (see "Installing using the custom installation type" on page 39).
SQL settings
This section provides some procedures for setting up your SQL server after you have installed the
database.
Changing the database authentication settings

During the installation process, the McAfee Vulnerability Manager install program sets the
Authentication to SQL Server and Windows. This mode is required to create a new database or to
upgrade the existing database.
If your network database policy requires a different setting, it is okay to change them until you need
to update your database again.
You can either change the authentication settings by editing the Windows Registry or through the SQL
Changing SQL authentication using the Windows registry

1
Open the Windows Registry editor.
Find the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\loginmode
Change the value to 2.
Changing SQL authentication using SQL Server Management Studio

1
Open the SQL Server Management Studio.

To do this, select Start | Programs | Microsoft SQL Server | SQL Server Management
Studio.
Note: You might be required to connect to the server. Type the appropriate information and click
Connect.
77

SQL settings
In the Object Explorer, expand the server list until you get to the server you are configuring.
Right-click the server, and select Properties.
Click the Security page.
Change the Authentication setting as desired.
Figure 19: SQL Authentication

6
Click OK and exit the program.
Optimize dynamic memory settings

McAfee Vulnerability Manager recommends that you use dynamic memory allocation for SQL Servers
and cap it at 40% of the total system memory.
Setting the SQL dynamic memory

1
Select Start | Programs | Microsoft SQL Server 2005 | SQL Server Management Studio.
In the Object Explorer, expand the server list until you get to the server you are configuring.
Right-click the server, and select Properties.
Click the Memory page.
Set the Index Creation Memory to 40% of the total system memory.
For example, set the Index Creation Memory to 400 MB if the system has 1 GB of memory and
to 800 MB if the systems has 2 GB memory.
Click OK.
Setting the SA password in SQL

McAfee Vulnerability Manager 7.5 requires the SQL SA Password so that it can create or upgrade the
database (named Faultline). The SA password is not revealed in the McAfee Vulnerability Manager 7.5
78

SQL settings
product. However, if you want to set a temporary password before installation, or change the SA
password after the installation, follow these steps to make the change.
Changing the SQL database SA password

1
Expand the Security folder and click Logins.
Double-click sa.
Figure 20: SQL Server Management Studio

5
Under SQL Server Authentication (non-selectable), type the new sa password.
Changing the TCP/IP protocol

During installation, McAfee Vulnerability Manager creates a database connection alias with the
database server information and TCP/IP protocol. If you change or disable the TCP/IP protocol,
McAfee Vulnerability Manager might not function properly. To modify the alias, you can use the SQL
Server Client Network Utility or change the alias value in the registry.
Using the SQL server client network utility

1
Select Start | Run.
Type cliconfg and press Enter. The SQL Server Client Network Utility appears.
Click the Alias tab, edit the Server alias, then click OK.
79

Optional enterprise manager settings

After having installed McAfee Vulnerability Manager 7.5, there are several steps you can take to
customize the way that McAfee Vulnerability Manager 7.5 is used in your company. This includes
setting up logon messages (post messages to all users on the logon page (see "Setting up a logon
message" on page 81)).
Using McAfee VirusScan Enterprise 8.0i and later

If you are running McAfee VirusScan Enterprise (VSE) 8.0i or later, you must exclude the McAfee
Vulnerability Manager executables from the Port Blocking rules in VSE. The Port Blocking rule is
intended to stop mass mailings that target SMTP port 25. Certain scanning techniques employed by
McAfee Vulnerability Manager are considered to be malicious activities by VSE. This results in
inaccurate vulnerabilities reported when scanning.
To exclude FSScanCtrl.exe in the port blocking rule

1
Open the Virus Scan Enterprise Console by right-clicking the icon in the Windows taskbar.
Right-click Access Protection and select Properties from the shortcut menu.
Select the Antivirus Standard Protection category.
Select the rule to Prevent mass mailing worms from sending mail and click Edit.
Add FSScanCtrl.exe to the Excluded Process list.
Click OK, then click Apply.
Select the rule to Prevent IRC Communication and click Edit.
Add FSScanCtrl.exe to the Excluded Process list.
Close the VSE 8.0i console.
Note: If VSE is installed on the mail server, repeat these steps on the mail server.
McAfee suggests that you add all of the applications and processes of McAfee Vulnerability Manager to
this exclusion list in VSE in order to avoid conflicts between VSE and McAfee Vulnerability Manager.
Repeat the above steps to exclude the following:
FSScanCtrl.exe (excluded in the steps above)
FSUpdate.exe
FSNotifications.exe
LCDServices.exe
RegFS.exe
FCAgent.exe
FCServer.exe
FSAPI.exe
FSAssessment.exe
FSDiscovery.exe
FSLogToDiskSvc.exe
ReportServer.exe
80

Setting up a logon message

If you have access to the enterprise manager server, you can add a message that appears on the
enterprise manager logon page for all users. To add this message, you must have created text files
with specific names and copied the files to the enterprise manager home directory.
Adding a logon message
Create a text file named mod.txt, and place it in the enterprise manager home directory.
The default location for Microsoft Windows 2008 R2 is c:\Program Files
(x86)\Foundstone\portal.
Removing the logon message
If the mod.txt file is not found or does not contain any data, the message of the day does not
appear. Remove this file from the enterprise manager home directory.
Creating a logon message file
Using a text editing program like Notepad, type the message you want to display. You can
embellish the message with some HTML tags, but they are not required.
Available HTML tags

You can use the following HTML tags to customize these messages:
<a><br><b><h1><h2><h3><h4><i>
<img><li><ol><p><strong><table>
<tr><td><th><u><ul>
Adding a blank line in the mod.txt file automatically adds the appropriate .html code to create a new
line.
Message titles
Use the tags <mod_title> and </mod_title> to change the title of the message. If no title has been
entered, the title displays "Message of the Day".
SAMPLE mod.txt FILE

The following is an example of possible content for the Message of the Day file.
81

<mod_title>Security Notice</mod_title>
The following network segments <i>should not be scanned</i> until further notice.
<ul> <li>10.0.50.1 - 10.0.50.254</li>
<li>10.72.221.1 - 10.72.223.254</li> </ul>
Contact Sue at extension 630 if you have any questions.
It results in the following message:
Figure 21: Logon Page - Message of the Day
Allowing root organization administrators to switch to global

administrator
McAfee Vulnerability Manager 7.5 can allow root organization administrators to switch between Root
Organization Administrator and Global Administrator in the enterprise manager. This can be useful in
organizations that use single sign-on since a separate sign-on account is not required.
Warning: If this feature is enabled, all root organization administrators have access to the Global
Administrator and can make changes to the enterprise manager. It is possible for one root
organization administrator to undo the settings established by another. This feature might not be ideal
for environments with multiple root organization administrators.
Allowing root organization administrators to switch to global administrator

1
Open the config.ini file on the system running the enterprise manager. The default location for
Microsoft Windows 2008 R2 is c:\Program Files (x86)\Foundstone\portal\include.
Set allow_ga_switch to true.
Save and close the config.ini file.
Using the global administrator switch

1
Log on to the enterprise manager as a Root Organization Administrator.
Click the Global Admin link. The Global Administrator user-interface appears.
Note: Only one active session is allowed. Using Open in New Tab on the Global Admin link
terminates the organization administrator session. Using Open in New Tab also terminates the
session if the Org Admin link is clicked in the global administrator session.
82

Click the Org Admin link to switch back to the Root Organization Administrator user-interface.
Note: If you log on using the Global Administrator credentials, you don't see the ORG ADMIN link in
the user-interface. The switch only functions when you log on as a Root Organization Administrator.
Setting up the CONFIG.INI and PHP.INI files

This section provides information on the settings found in the CONFIG.INI and PHP.INI files, located
on the enterprise manager server. Use caution when changing the settings in these files. The wrong
settings can prevent McAfee Vulnerability Manager 7.5 from functioning properly.
CONFIG.INI
The config.ini file contains basic configuration settings for McAfee Vulnerability Manager 7.5.
The default location for Microsoft Windows 2003 is c:\Program
Files\Foundstone\Portal\include\config.ini.
(x86)\Foundstone\Portal\include\config.ini.
PHP.INI
PHP is a scripting language used by enterprise manager. The php.ini file contains PHP settings in
enterprise manager. This file contains many sections and settings, though this document addresses
only those settings that McAfee recommends for customers to change if necessary.
The default location for Microsoft Windows 2003 is c:\Program Files\Foundstone\PHP\php.ini.
(x86)\Foundstone\PHP\php.ini.
Opening the CONFIG.INI file

The CONFIG.INI file is located on the web server that hosts the enterprise manager.
1
On the enterprise manager server, navigate to \Portal\include\config.ini. It is located under

the folder where you installed McAfee Vulnerability Manager 7.5.
Double-click the file to open it.
Edit the file using NOTEPAD.EXE or another text editor.
Opening the PHP.INI file

The PHP.INI file is located on the web server that hosts the enterprise manager.
1
On the enterprise manager server, navigate to \PHP\Config.ini. It is located under the folder
where you installed McAfee Vulnerability Manager 7.5.
83

Double-click the file to open it.
Edit the file using NOTEPAD.EXE or another text editor.
Common Tasks
The following list shows the most common tasks that can be performed by changing the CONFIG.INI
and PHP.INI settings.
Disabling the option to verify a vulnerability ticket
In the CONFIG.INI file, change the value disable_verify under the Remediation section to 1
and save the file.
To verify the setting, log onto the enterprise manager. Navigate to Remediation | New Tickets. The
Verify button should not be available when this value is set to 1.
Disabling the Quick Scan feature in the enterprise manager
In the CONFIG.INI file, search for the following string and remove the ; at the beginning of the
line:
;disable_quickscan=1
To verify the setting, log onto the enterprise manager. The Quick Scan feature is disabled when this
value is set to 1.
Disabling the Customer Feedback Link in the enterprise manager
In the CONFIG.INI file, change the value submit_feedback under the [Optional] section to 0
and save the file.
To verify the setting, log onto the enterprise manager. The customer feedback link at the bottom of
the page should not appear, or is otherwise disabled.
Config.ini
The config.ini file contains basic configuration settings for McAfee Vulnerability Manager 7.5.
Sections in this configuration file include:
first run flag (page 85)

[server] (page 85)
[API Server] (page 86)
[session] (page 88)
[report server] (page 88)
[optional] (page 89)
[look_and_feel] (page 90)
[ipranges] (page 91)
[mvas] (page 91)
84

[debug] (page 91)

[fcgi] (page 91)
[reports] (page 92)
[l18n] (page 92)
[threats] (page 92)
[RADIUS_server_options] (page 94)
[single signon]
[java] (page 94)
[fs-850 options]
[remediation] (page 95)
first run flag

Entry
Default
first_run
1 until you log onto

the enterprise
manager
0 after a successful
logon to the
enterprise
manager
Description
The first time you log onto the
enterprise manager, if this
value is set to 1, the
server_name value is sent to
the engine as the "default"
portal server.
[server]
Entry
Default
Description
server_url
Base URL used to access the

enterprise manager.
server_root
Windows 2003
C:\Program
Files\Foundstone\Po
rtal\
Install path for the enterprise

manager.
Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Po
rtal\
server_cache
Windows 2003
C:\Program
Files\Foundstone\Te
mp\
Path for temporary files.
Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Te
mp\
85

Entry
Default
Description
reports_dir
Windows 2003
C:\Program
Files\Foundstone\Re
ports\
The report engine uploads

scan reports to this directory.
Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Re
ports\
custom_reports_dir
Windows 2003
C:\Program
Files\Foundstone\Re
ports_Custom\
The report engine uploads

custom reports to this
directory.
Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Re
ports_Custom\
font_dir
C:\Windows\Fonts
Path for Windows fonts.
server_name
COMPUTERNAME
Name of this server. This

should be the name used to
access the system, such as
the DNS or NetBIOS name of
the system.
server_protocol
http or https
Protocol used to access the

enterprise manager.
Either http or https.
Depends on install
options.
server_cert_dir
%installdirectory%\
Foundstone\Configur
ation
portal_id
Directory containing the SSL

certificates.
Internal system identification;
do not change this setting.
[API Server]
Entry
Default
Description
API_primary
Server that hosts the API

server (including the port to
access the API server).
API_secure
"1" indicates that a SSL

connection should be made to
the API server.
API_proxy_host
Proxy information if a proxy is

required for connecting to the
API server.
API_proxy_port
86

Entry
Default
Description
API_connection_
timeout
The number of seconds to

wait for a connection to the
API server.
API_response_time
out
180
The number of seconds to

wait for a response to a query
from the API server.
API_authenticate
"1" indicates the use of

certificates to authenticate a
connection to the API server.
API_authenticate_
cn
Indicates whether or not to

verify against the CN value of
a certificate.
API_reconnect_
interval
180
No value - Turns off CN

verification.
hostname - The web
portal gets the host name
of the server and verifies
it against the CN value.
Any other value is verified
against the CN value.
The number of seconds

required before a
reconnection to the API
server can be made.
API_stream_select_ 3
timeout
The number of seconds PHP

waits for the stream
notification events before
quitting and trying again.
api_authenticate_ca Windows 2003
Path for the Certificate

Authority file.
C:\Program
Files\Foundstone\Co
nfiguration\CustomT
rustedCA.pem
Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Co
nfiguration\CustomT
rustedCA.pem
87

Entry
Default
Description
api_authenticate_
client
Windows 2003
Path for the certificate file the

API server uses to
communicate with the
enterprise manager.
C:\Program
Files\Foundstone\Co
nfiguration\CustomP
ortal.pem
Windows 2008 R2
C:\Program Files
(x86)\Foundstone\Co
nfiguration\CustomP
ortal.pem
[session]
Entry
Default
Description
session_validate_ip
true
Validates that the

current web browser IP
address is the same as it
was when authenticated
at logon time.
Either true or false.
session_validate_browser
Validates that the

current browser session
is the same as it was
when authenticated at
logon time.
Not implemented by
default.
[report_server]
Entry
Default
Description
report_server
[hostname of
report engine
server]:port
Type the host name or IP

address, colon (:), port
number for the report
engine server.
Example:
MYHOST.XYZ.COM:3802
report_server_secure
Type 1 to use SSL,

otherwise type 0.
report_push_check
Only allows file transfers

from the report_server
and API_primary
addresses.
88

[optional]
Entry
Default
Description
enable_dashboard_
configuration_applet
true
Not used.
enable_organization_
applet
false
Not used.
alerts_max
100
Maximum number of alerts to

display at one time.
scan_pulldown_alpha
false
How to sort pull-down scan list.

true = sort alphabetically by
scan name
false = sort in reverse
chronological order by scan
date
short_chars
30
Number of characters before

the scan name is truncated in
the Dashboard and menus.
string_chunk_len
100
When FSL scripts retrieve

information from a host, this
number determines how many
characters long each line should
be before being truncated.
string_chunk_delimiter
" "
Type the character (or space) to

be used to break the
information from the host into
individual lines.
scan_config_dropdown
30
Determines the number of

scans to be displayed on the
Scan drop-down box on the
Home page.
tree_expansion_default
On pages other than the

Organization Management or
asset management (containing
Java interfaces), this number
determines how many levels of
the organization tree are
shown.
There is no default value
assigned as of McAfee
Vulnerability Manager 7.5. A
value of 3 indicates that an
organization tree shows the
root level, 1st child level, and
2nd child level of workgroups.
89

Entry
Default
Description
disable_quickscan
Disables the Quick Scan feature

from the enterprise manager.
This is disabled by default.
submit_feedback
Displays the Product Updates,

Release News, and Feedback
link in the enterprise manager.
auto_refresh_rate
10
The number of seconds before

the web page is automatically
refreshed.
To disable, set the value to 0.
[look_and_feel]
Entry
Default
Description
color_buttonf
;000000
Enterprise manager color

scheme setting.
color_buttonb
;333399

scheme setting.
color_headerf
;FFFFFF

scheme setting.
color_headerb
;333399

scheme setting.
color_grey1
;e3e3e3

scheme setting.
color_grey2
;cccccc

scheme setting.
color_grey3
;3581cd

scheme setting.
font
verdana
Enterprise manager typeface

setting.
font_size
Enterprise manager font size

setting.
90

[ipranges]
Entry
Default
Description
enable_ipranges
true
Enable the entry of IP ranges

through the enterprise
manager. When set to False, IP
ranges can only be entered
through the API server.
max_ipranges
8000
Maximum number of IP ranges

to import from a text file before
truncating.
Entry
Default
Description
enable_mvas_options
false
Managed Service use only.

threats
false
Managed Service use only.

[mvas]
[debug]
Entry
Default
Description
debug
Enterprise manager debug mode.

on=1 and off=0
debug_soap
Enterprise manager debug mode:

include soap events in the output.
on=1 and off=0
debug_report_server 0
Enterprise manager debug mode:

used to test report uploads.
on=1 and off=0
debug_msi_server
Create log files when language packs

are pushed on the server that
executes them.
Enable log=1; Disable log =0
[fcgi]
This section is used for debugging the FastCGI components in McAfee Vulnerability Manager 7.5. It
might be used in a support call situation when additional logging needs to be turned on to help
identify a problem.
91

[reports]
Entry
Default
Description
report_server_timeout
1200
Number of seconds to wait

between attempts to upload
reports to the server.
[il8n]
Entry
Default
Description
il8n_language
Determines which language to

display in the product.
cs = Chinese Simplified
ct = Chinese Traditional
de = German
en = English
es = Spanish
fr = French
ja = Japanese
kr = Korean
il8n_bullet
Determines the default bullet

character used throughout the
enterprise manager.
[threats]
Entry
Default
Description
max_threats

threats that can be
viewed at one time on the
Threat Correlation page.
McAfee Vulnerability
Manager 7.5 supports
showing up to 19 threats
at a time.
max_intervals

business units that can be
viewed at one time on the
Threats by Business Unit
page.
92

Entry
Default
Description
tcv_enable_default_bu
0 disables this feature. If

there is a default business
unit, it comes from the
administrator.
1 enables users to see a
default business unit
containing all scans that
the user can access.
tcv_select_default _bu
0 disables this feature. If

there is a default business
unit available, it is not
automatically selected
when opening the Threat
Correlation page.
1 enables this feature.
The default business unit
is selected by default
when you view the Threat
Correlation page. The
contains data for all scans
and workgroups that the
user can access.
tcv_central_admin_default_bu
0 disables this feature. A

containing all workgroups
is not created for the Root
Organization
Administrator.
1 enables this feature. A
containing the
organization and all
workgroups is created for
the Root Organization
Administrator.
Note: Since the default
business unit contains
data for all organizations
and workgroups, the
Threat Correlation page
can take a long time to
load all of the data.
93

[RADIUS_server_options]
Entry
Default
use_radius_auth
Description
Set to "1" to turn on RADIUS
authentication.
This is disabled by default.
radius_primary_
address
IP address for the IAS server

or TekRADIUS server.
radius_primary_
secret
Type the secret used during

IAS or TekRADIUS set up.
radius_primary_port
The authentication port used.
radius_type_options
The type of protocol used.

Examples: PAP, CHPA_MD5,
and MSCHAPv2.
[java]
Entry
Default
Description
java_use_dynamic_jre_
versioning
false
Enables you to use the Sun

Java Runtime Engine version
1.4 or later for computers on
which the enterprise manager
is running. To use a different
version, change this entry to
true. The version of the JRE is
then managed by Sun via their
web server.
Changing this setting to true
allows you to use a version of
the JRE on which you have
standardized that might differ
from the current version
(1.6.0_07).
Note: Version 1.6.0_07 or later
of the JRE is required. Earlier
versions might appear to be
accepted, but they are
unsupported and the enterprise
manager might not display
properly.
94

[remediation]
Entry
Default
Description
disable_verify
Specifies whether you want to

disable verification of tickets:
0 = do not disable verification
1 = disable verification
Compress a single PDF report

Entry
Default
Description
zip_single_pdf
By default,
this entry is
not in the
config.ini file.
Specifies whether a single PDF

report is delivered uncompressed
(default) or compressed.
true = compress single PDF

reports
false = do not compress single
PDF reports
Php.ini
PHP is a scripting language used by enterprise manager. The php.ini file contains PHP settings in
enterprise manager. This file contains many sections and settings, though this document addresses
only those settings that McAfee recommends for customers to change if necessary.
Caution: The majority of the settings in this file should not be modified for use with McAfee
PHP Settings
Entry
Default
Description
max_execution_time
300
Maximum execution time of each

script, in seconds. This determines
how long to continue running a script
on a particular host before moving
onto the next.
max_input_time
600
Maximum amount of time each script

can spend parsing request data, in
seconds. This can be adjusted to
allow for larger file uploads that
time-out prematurely.
95

Disabling SSL
memory_limit
32M
Maximum amount of memory, in

megabytes, that a script can
consume.
display_errors
Off
on Displays error messages to web

users. Use this setting only for
diagnostic purposes.
Caution: When this setting is On,
users might be able to view security
information, such as file paths and
database schema.
off Hides error messages.
post_max_size = 200M
200M
(200 MB)
Maximum size of POST data

supported by PHP.
upload_max_filesize =
200M
200M
(200 MB)
The maximum size of files that can

be uploaded to the enterprise
manager
Disabling SSL
Secure communication between the enterprise manager and the API server are set by default when
McAfee Vulnerability Manager is installed. If you are required to disable SSL, you must do the
following:
1
Turn off SSL in the configuration manager.

a Open the configuration manager and select Tools | Preferences | API Server.
b On the API Server tab, deselect both Use SSL options (under Incoming Connection and
Enterprise Manager).
c Click OK. The settings are not applied until the API server is restarted.
Restart the API server.
a In the left pane of the configuration manager, expand Foundstone Systems, then expand system that
hosts the API server.
b Select API server. Click Stop to stop the server.
c Once the server has stopped, click Start to start the server.
Modify the config.ini file on the enterprise manager.
a On the server running the enterprise manager, open the config.ini file.
Files\Foundstone\Portal\include.

Set the following parameters:
server_protocol =http
API_secure =0
report_server_secure =0
Turn off SSL in the enterprise manager.

On the server running the enterprise manager, select Start | All Programs | Administrative
Tools | Internet Information Services (IIS) Manager.
In the left pane, expand the enterprise manager and select Web Sites (Windows 2003) or Sites
(Windows 2008 R2).
96

Disabling SSL
For Microsoft Windows 2003:
In the right pane, right-click the website and select Properties.
Select Directory Security, then click Edit under Secure communications.
Deselect Require secure channel (SSL).
Click OK. Close the Properties dialog box.

For Microsoft Windows 2008 R2:
In the right pane, double-click the website.
Double-click SSL Settings.
Deselect Require SSL.
Click OK.
Restart the IIS server. Right-click the local computer, select All Tasks, then select Restart IIS.
Select Restart IIS, then click OK.
After IIS restarts, close the IIS manager window.
Turning off SSL in configuration manager

1
Open the configuration manager and select Tools | Preferences | API Server.
On the API Server tab, deselect both Use SSL options (under Incoming Connection and
Enterprise Manager).
Click OK.
The settings are not applied until the API server is restarted.
Restarting the API server

1
In the left pane of the configuration manager, expand Foundstone Systems, then expand
system that hosts the API server.
Select API server. Click Stop to stop the server.
Once the server has stopped, click Start to start the server.
Modifying the CONFIG.INI file on the enterprise manager

1
On the server running the enterprise manager, open the config.ini file.
Files\Foundstone\Portal\include.
Set the following parameters:
server_protocol =http
API_secure =0
report_server_secure =0
97

Why does my Foundstone Configuration Agent system tray icon have an exclamation mark
Turning off SSL on the enterprise manager

Microsoft Windows 2003
1
In the left pane, expand the enterprise manager and select Web Sites.
In the right pane, right-click the website and select Properties.
Select Directory Security, then click Edit under Secure communications.
Deselect Require secure channel (SSL).
Click OK. Close the Properties dialog box.
Restart the IIS server. Right-click the local computer, select All Tasks, then select Restart IIS.
Select Restart IIS, then click OK.
After IIS restarts, close the IIS manager window.
Microsoft Windows 2008 R2

1
In the left pane, expand the enterprise manager and select Sites.
In the right pane, double-click the website.
Under IIS, double-click SSL.
Deselect Require SSL.
Click Apply.
In the left pane, right-click the local computer and click Stop.
Right-click the local computer and click Start.
Close the IIS manager window.
Why does my Foundstone Configuration Agent system tray

icon have an exclamation mark
An exclamation mark appears on a system tray icon when something is not functioning properly. A
common solution is to make sure the user logging into the server has administrator rights.
The Foundstone configuration agent must be able to query service status and start or stop services.
Since the agent is a desktop application, it runs under the permissions of the logged in user. If the
user does not have administrator rights, the configuration agent tool might not function properly.
98

Installation error when FIPS is enabled
Installation error when FIPS is enabled

If you try installing McAfee Vulnerability Manager 7.5 on a system that has the Federal Information
Processing Standard (FIPS) security setting enabled, the installation fails.
To resolve this issue, disable the FIPS security setting, install the product, and then re-enable the
FIPS security setting (if necessary).
1
Open the Local Security Policy, under Administrative Tools.
Select Start | Control Panel | Administrative Tools, then select Local Security Policy.
In the left pane, expand Local Policies, then select Security Options.
In the right pane, double-click System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing.
In the dialog box, select Disabled, select Apply, then click OK.
Close the Local Security Settings window.
99
Appendix
Microsoft SQL Server 2005 Express Settings
Appendix
Installation: McAfee recommends that you install Microsoft SQL Server 2005 Express on a Microsoft
Windows 2003 system.
Note: If you are installing SQL Server 2005 Express on a virtual system, the virtual system must be
on an IDE disk drive. See the VMware website or documentation for further information.
Suggested Usage: Only for class C networks.
Microsoft SQL Server 2005 Express installation settings

The following table shows the recommended settings for each step of the installation. These settings
are based on a typical Microsoft SQL Server 2005 Express installation.
Use the following settings when setting up Microsoft SQL Server Express.
SQL Server Express installation suggested settings

Installation Page
Setting
Registration
Information
Make sure Hide advanced configuration options

is not selected.
Feature Selections
Instance Name

Changing the SQL instance name (page 47).
Service Account

end of setup.
Note: If you are using a Named Instance, select SQL
Browser under Start services at the end of
setup.
100
Appendix
Authentication Mode

report engine.
Collation Settings
User Instances
Error and Usage

Report Settings
After the installation has completed, McAfee recommends that you restart the computer to begin
using Microsoft SQL Server Express. Then, make sure you have the latest Microsoft SQL Server
Express Service Pack.
Enabling TCP/IP
By default, TCP/IP is disabled in Microsoft SQL Server 2005 Express. TCP/IP must be enabled for
McAfee Vulnerability Manager to function properly.
1
Open the SQL Server 2005 Surface Area Configuration wizard

Server 2005 Surface Area Configuration.
Select Surface Area Configuration for Services and Connections.
Select Remote Connections under Database Engine.
Select Local and remote connections and select a TCP/IP option.
Click OK.
Restart the Database Engine service for the change to take effect.
Internet access
If a system is blocked from accessing the internet, the time service might no longer synchronize and
cannot provide the time to other clients or upgrade the system clock. This might cause McAfee
Vulnerability Manager services to not respond within an expected amount of time, causing a failure to
start. To resolve this, either let the system access the internet or add the ServicesPipeTimeout registry
entry.
ServicePipeTimeout registry entry

1
Select Start | Run.
Type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\.
If ServicePipeTimeout does not exist, create a DWORD data type and label it
ServicePipeTimeout.
Assign a value larger than 30000 (milliseconds).

For example: 90000 (milliseconds).
101
Appendix
Move the database
Microsoft SQL Server 2008 R2 Express settings

Installation: McAfee recommends that you accept the default settings during installation. You might
need to run the SQL Browser.
Suggested Usage: Only for class C networks.
Note: McAfee Vulnerability Manager does not support the use of Microsoft SQL Server 2008 Express.
Disabling Admin Approval Mode (Windows 2008 R2)

Microsoft Windows 2008 R2 has Admin Approval Mode enabled by default. With Admin Approval Mode
enabled, only the root administrator can successfully install McAfee Vulnerability Manager. All other
administrators might run into errors when trying to run or manage McAfee Vulnerability Manager.
1
Log on to the server as an administrator.
Select Start | Run.
Type secpol.msc and click OK.

The Local Security Policy window appears.
From the tree (left pane), double-click Local Policies.
Double-click Security Options.
Scroll down and double-click User Account Control: Run all administrators in Admin
Approval Mode.
Select Disable, then click OK.
Close the Local Security Policy window.
Restart the server for the policy change to take effect.
Move the database

If you have moved your database, there are some additional steps that must be done for McAfee
Vulnerability Manager to function properly. This also applies to moving your database during an
upgrade.
1
On the system that ran the database:
Stop the SQL service. You can also set the SQL service to Manual to free up some resources
on this server, but this is optional.
Delete or rename the database.ccf file. Default location: C:\Program

Files\Foundstone\Configuration.
Remove the database service dependencies for other McAfee Vulnerability Manager
components running on the server. See the McAfee KnowledgeBase article KB60408 for
detailed information.
After installing the database on the new server, open configuration manager and update the
database information.
In configuration manager, select Tools, then select Preferences. Select the Database tab and
update the database information.
102
Appendix
Using the United States Federal Information Processing Standard
Run McAfee Vulnerability Manager Update to ensure that McAfee Vulnerability Manager content
has the latest information.
Move the enterprise manager

If you change the server the enterprise manager is running on, your existing report links no longer
appear because the reports are stored on the enterprise manager server. After you move the
enterprise manager, you should regenerate your reports to see them in the new portal.
Changing the Foundstone Configuration Agent Settings

All McAfee Vulnerability Manager components have a Foundstone Configuration Agent installed. The
communication between each FCM Agent and the FCM Server is Port: 3801, (SSL over) TCP/IP. Some
configuration agent settings can be changed using the Foundstone Configuration Agent Settings dialog
box.
Using the United States Federal Information Processing

Standard
The United States Federal Information Processing Standard (FIPS) is a security requirement for
computers used by the United States federal government. The FIPS 140-2 standard defines
cryptographic algorithms and requirements for generating keys. McAfee Vulnerability Manager
supports the use of the FIPS 140-2 standard.
Configuring IIS and SQL to be FIPS compliant

For further information, see the Microsoft KB article about FIPS 140-2 compliant mode.
Note: FIPS 140-2 requires Microsoft SQL 2005 SP1 or a later version of SQL server on a Windows
2003 based server.
1
Open the Local Security Policy, under Administrative Tools.
Select Start | Control Panel | Administrative Tools, then select Local Security Policy.
In the left pane, expand Local Policies, then select Security Options.
In the right pane, double-click System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing.
In the dialog box, select Enabled, select Apply, then click OK.
Close the Local Security Settings window.
When the server operating system is configured for FIPS 140 compliant mode, McAfee Vulnerability
Manager users cannot access the enterprise manager if TLS 1.0 is not enabled in their web browser.
See the Enable TLS 1.0 on the client system procedure below for setting up client browsers.
Enabling TLS 1.0 on the client system

For further information, see the Microsoft KB article about FIPS security settings in Windows XP and
later versions.
103
Appendix
Using the United States Federal Information Processing Standard
In Internet Explorer, select Tools, then select Internet Options.
Select the Advanced tab and navigate to Security.
Make sure the following checkboxes are selected:
Use SSL 2.0
Use SSL 3.0
Use TLS 1.0
Select Apply, then click OK.
104

MVM750 Install Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MVM750 Install Guide

Uploaded by

Copyright:

Available Formats

Installation Guide

McAfee Vulnerability Manager 7.5

Issued 6/15/2012 12:51 / McAfee Vulnerability Manager Installation Guide

Installation checklist .......................................................................................................... 6

System Requirements and Architectures ........................................................ 9

Number of servers required ................................................................................................ 9

Installing on a Single Server ........................................................................ 24

Installing on Multiple Servers ....................................................................... 31

Before you install McAfee Vulnerability Manager .................................................................. 31

Uninstalling McAfee Vulnerability Manager ................................................... 49

Uninstalling a previous version of McAfee Vulnerability Manager ............................................ 49

Configuring Your Servers .............................................................................. 51

McAfee Vulnerability Manager 7.5 Installation Guide

Running McAfee Vulnerability Manager Update as a service ............................................ 54

Upgrading to McAfee Vulnerability Manager 7.5 ........................................... 63

Troubleshooting and Tips ............................................................................. 76

Finding the NetBIOS name ............................................................................................... 76

Appendix .................................................................................................... 100

Microsoft SQL Server 2005 Express Settings ......................................................................100

McAfee Vulnerability Manager 7.5 Installation Guide

Changing the Foundstone Configuration Agent Settings .......................................................103

McAfee Vulnerability Manager 7.5 Installation Guide

Introducing McAfee Vulnerability

Installing on a single server

Step 1: Pre-installation planning

McAfee Vulnerability Manager 7.5 Installation Guide

Introducing McAfee Vulnerability Manager

Step 2: System component preparation

Step 3: Install McAfee Vulnerability Manager 7.5

Post installation tasks

Components and what they do

McAfee Vulnerability Manager 7.5 Installation Guide

Introducing McAfee Vulnerability Manager

Find product documentation

Go to the McAfee Product Download site.

Type in your grant number, then click Submit.

Select McAfee Vulnerability Manager.

McAfee Vulnerability Manager 7.5 Installation Guide

System Requirements and Architectures

System Requirements and

Number of servers required

One product server with an All- Ideal for small networks

Two product servers: One

Very common configuration

Two product servers: One

Well-suited for large,

One product server configured

McAfee Vulnerability Manager 7.5 Installation Guide

System Requirements and Architectures

Three product servers: One

Ideal for large, global,

n product servers configured as

Number of IP addresses to be scanned. The primary factor is the number of IP addresses to be

McAfee Vulnerability Manager 7.5 Installation Guide

System Requirements and Architectures

Hardware and software requirements

Single server requirements

Single server system requirements

Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz,

System Requirements and Architectures

Disk partition formats

Single server software requirements

Microsoft Windows 2008 R2

All Microsoft SQL and .NET hotfixes and patches.