
ePolicy Orchestrator

BikeGeek

BrewMonkey
Jul 2, 2001
Hershey, PA
An icon for "ePolicy Orchestrator Agent" appeared on my taskbar this morning when I logged on at work. It's a shield-like icon so I assume it's somehow affiliated with my McAfee anti-virus stuff.

Can anyone elaborate on what this program does and what it's watching on my machine?
 
Probably too elaborate, but this is from http://www.networkassociates.com/us/products/mcafee/mgmt_solutions/epo.htm

McAfee ePolicy Orchestrator is the industry leading system security management solution, delivering a coordinated, proactive defense against malicious threats and attacks for the enterprise. As the central hub of McAfee System Protection Solutions, administrators can mitigate the risk of rogue, non-compliant systems, keep protection up-to-date, configure and enforce protection policies, and monitor security status, 24/7, from one centralized, enterprise-scalable console.

Key Benefits

Comprehensive, enterprise system security management - Centralize system security policy compliance and management across the enterprise

Mitigate Risk of Rogue, non-compliant systems - Proactively find rogue, non-compliant systems to eradicate potential sources of infection and vulnerability

Monitor System Security 24/7 - Integrated notification services and graphical reporting provide the 24/7 visibility required to effectively monitor system security, evaluate your policy's status, and find your network's weak points.

Reduce security capital & operational costs - Reduce capital and operational costs with true enterprise scalability and comprehensive management from one console

Manage & Protect Mobile Users - Ensure remote and mobile users are as well protected and easily managed as those connecting via LAN

Product Features

Comprehensive Protection Management
ePO™ manages protection across desktops, fileservers, groupware servers, and the gateway, including anti-virus, system firewalls, anti-spam, content filtering, Host IPS - comprehensive, enterprise system security management.

Rogue System Detection
ePO passively monitors the network for any LAN-based connections, quickly establishing whether they are currently managed by ePO and providing a range of policy-based responses to rogue systems. By rapidly identifying unmanaged systems, administrators are empowered to significantly improve system security compliance and mitigate weakness.

Compliance and Threat Notification Services
Instant, proactive information is critical for a security professional especially when monitoring compliance and threat activity. ePO 3.5 will deliver integrated alerting and notification on compliance, threat activity and rogue systems within their environment. Thresholds, defined by the administrator, will enable critical alerts to be sent to specified individuals via email, SMS, text pager or to security information and system management consoles via SNMP trap. Alerts will cover threat activity, anti-virus compliance levels and rogue system connections.

Integrate with Microsoft Active Directory
Designed with administrative efficiency in mind, ePO focuses on leveraging key investments in Microsoft Active Directory, ensuring simplified change control and directory consistency throughout the enterprise. MS Active Directory (AD) integration allows the scheduled importing of systems from AD into the ePO directory and also, where appropriate, provides the capability to identically mirror AD groupings within the ePO directory.

Enforce Protection Compliance and Updates
ePO ensures enterprise-wide compliance with automatic policy enforcement, preventing systems from falling out of compliance and stopping end users from changing settings or disabling vital protection. It is central to effectively managing the update process. It uses an intelligent design of distributed repositories that puts none of the updating burden on the server, spreading the updating throughout the network, keeping network traffic low and performance high. And it is comprehensive, with the ability to deploy updates for all McAfee DATs, engines, service packs, hotfixes, and patches.

Realtime Graphical Reporting
Locating unprotected systems, tracing an outbreak to its source, or determining effectiveness of security policies is effortless with ePO's wide array of pre-defined reports - there are over thirty. Ranging from one-page executive security summaries to detailed information on virus activity, desktop firewall policy, and viral vulnerabilities, all the information is at hand. Customizing reports to specific needs is just as easy. Administrators may select from a variety of printable and exportable chart types including three-dimensional bar charts, pie charts, line graphs, and tables. ePO is integrated with Seagate Crystal Reports technology and Microsoft's MSDE/SQL server for a balance of simplicity and power that suits every size of company.

Proactively Assess Microsoft Patch Compliance
The System Compliance Profiler (SCP) is an integral component of ePO, enabling security professionals to quickly assess enterprise-wide system compliance, including the presence of vital Microsoft security patches. Profiling is based on rules, customized by the administrator or templates downloaded from McAfee, searching for a file, service, registry key, or specific Microsoft patch reference. Patch fingerprinting (utilizing MD5 hash codes) is also available to ensure absolute integrity of Microsoft security patches and prevent patch spoofing.

Scale to Enterprise Requirements
ePO cuts down on infrastructure, support costs, and administration time while centrally managing up to 250,000 nodes from one server. Large enterprises will enjoy the way ePO responds to powerful, enterprise-class servers: with tremendous scalability. Once ePO is installed, all operations can be handled using a remote console from anywhere within the organization.

Respond Rapidly to Outbreaks
In emergencies where you need all machines to update immediately, the server can demand that all agents update now and effect that change across the network. Alternatively, the outbreak might require policy changes on the system firewall, or it might require just an update or policy change at the gateway. With ePO 3.5, your response will be immediate and laser-point-focused to the task at hand.

Protect Mobile Users
With ePO, mobile employee doesn't have to be a scary phrase for the security team. By enforcing policy, even when the laptop is not connected to the network, and making updates happen whenever a connection to the Internet is sensed, ePO effectively manages your unmanageable infrastructure. And since mobile and remote users demand more flexibility, ePO 3.5 automatically provides them with updates from the nearest, most bandwidth-efficient repository and allows postponeable and resumable updating. Ultimately, ePO 3.5 ensures that your remote and mobile users are as well protected and easily managed as those connecting via LAN.