revision b product guide - mcafee€¦ · sort the list of quarantined email messages ... mcafee...

Product GuideRevision B

McAfee Quarantine Manager 7.1.1For use with McAfee ePolicy Orchestrator

COPYRIGHT

Copyright © 2016 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee Quarantine Manager 7.1.1 Product Guide

http://www.intelsecurity.com

Contents

Preface 7About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

1 Introduction 9Managing quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Deployment2 Deployment options 13

Types of installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Virtual installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Installing MQM with McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . 15Installing MQM in a cluster environment . . . . . . . . . . . . . . . . . . . . . 15

Types of interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Web-based interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Mobile interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Types of administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Super Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Domain Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Operator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Levels of authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3 Plan your deployment 21Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Deployment checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Setup4 Installation 27

Prepare your installation environment . . . . . . . . . . . . . . . . . . . . . . . . . 27Configure the Microsoft SQL Server database . . . . . . . . . . . . . . . . . . . 27Install MariaDB for MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Configure MariaDB for Linux or Microsoft Windows . . . . . . . . . . . . . . . . . 28

Download the product files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Install or upgrade the product files . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Install the product files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Upgrade to the latest version of MQM . . . . . . . . . . . . . . . . . . . . . . 29

Configure a cluster on a Windows server . . . . . . . . . . . . . . . . . . . . . . . . 31

5 Integrating MQM with McAfee ePO 33Install MQM onto your McAfee ePO server . . . . . . . . . . . . . . . . . . . . . . . . 33

McAfee Quarantine Manager 7.1.1 Product Guide 3

Deploy the McAfee Agent onto your client computers . . . . . . . . . . . . . . . . . . . 34Deploy the MQM packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Check in the MQM packages . . . . . . . . . . . . . . . . . . . . . . . . . . 34Deploy the MariaDB for MQM component . . . . . . . . . . . . . . . . . . . . . 35Deploy MQM on client computers . . . . . . . . . . . . . . . . . . . . . . . . 36

Install the MQM extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Configure policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Create policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Enforce policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Configure reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Configure tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

6 Post-installation tasks 41Test the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Configure the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Configure certificates for secure SMTP communication . . . . . . . . . . . . . . . . . . . 42Configure the configuration push interval . . . . . . . . . . . . . . . . . . . . . . . . 42Rebrand MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Customize the user interface URL . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Configuration and use7 Configuring domains 49

Create a domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Assign domains to Domain Administrators . . . . . . . . . . . . . . . . . . . . . . . . 50Assign domains to groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Change domain configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . 51

8 Configuring user accounts 53Add users to MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Register users automatically . . . . . . . . . . . . . . . . . . . . . . . . . . 53Import users to MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Create user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Register distribution lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Change user configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . 56

9 Managing quarantined items 57Search quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Perform a quick search . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Take action on quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Manage user submissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

10 Configuring tasks 59When to run tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Schedule digest emails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Synchronize and register user lists . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Send status reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Synchronize distribution lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

11 Managing user submissions 63Manage user submissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63View search results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

12 Configuring and using the user interfaces 65Access your MQM user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Configure your MQM account . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Contents


Manage quarantined emails . . . . . . . . . . . . . . . . . . . . . . . . . . 68Submit spam samples to McAfee Labs . . . . . . . . . . . . . . . . . . . . . . 69

Use the mobile interface to manage quarantined emails . . . . . . . . . . . . . . . . . . 70Access the mobile user interface . . . . . . . . . . . . . . . . . . . . . . . . 70Sort the list of quarantined email messages . . . . . . . . . . . . . . . . . . . . 71View quarantined email messages . . . . . . . . . . . . . . . . . . . . . . . . 71Apply actions to quarantined email messages . . . . . . . . . . . . . . . . . . . 71

13 Configuring blacklists and whitelists 73Levels of blacklists and whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Export blacklists and whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Import blacklists and whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Manage blacklists and whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

14 Reporting 77View quarantined data on the dashboard . . . . . . . . . . . . . . . . . . . . . . . . 77Generate multi-dimensional reports . . . . . . . . . . . . . . . . . . . . . . . . . . 77Generate Top 10 reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Generate advanced graphical reports . . . . . . . . . . . . . . . . . . . . . . . . . . 78Download a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Maintenance15 Maintaining the server 81

View log entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Configure the diagnostics settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Configure communication between MQM and other products . . . . . . . . . . . . . . . . 82Configure advanced settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Configure the status email report settings . . . . . . . . . . . . . . . . . . . . . . . . 83Reassign quarantined email releases to different products . . . . . . . . . . . . . . . . . 83Release emails in bulk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

16 Maintaining the database 85Calculate the size of the database . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Optimize the MariaDB for MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Optimize the Microsoft SQL Server database . . . . . . . . . . . . . . . . . . . . . . . 86Back up the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Database backup settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Back up the MySQL database . . . . . . . . . . . . . . . . . . . . . . . . . . 87Back up the Microsoft SQL Server database . . . . . . . . . . . . . . . . . . . . 87Restore the Microsoft SQL Server database . . . . . . . . . . . . . . . . . . . . 88Back up MariaDB for MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Restore MariaDB for MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Schedule a MariaDB for MQM backup task . . . . . . . . . . . . . . . . . . . . . 89

17 Uninstalling MQM and components 91Uninstall MQM from McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Remove MQM from client computers . . . . . . . . . . . . . . . . . . . . . . . 92Remove the packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93Remove the extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Index 95

Contents


Contents


Preface

This guide provides the information you need to work with your McAfee product.

Contents About this guide Find product documentation

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

• Users — People who use the computer where the software is running and can access some or all ofits features.

ConventionsThis guide uses these typographical conventions and icons.

Italic Title of a book, chapter, or topic; a new term; emphasis

Bold Text that is emphasized

Monospace Commands and other text that the user types; a code sample; a displayed message

Narrow Bold Words from the product interface like options, menus, buttons, and dialog boxes

Hypertext blue A link to a topic or to an external website

Note: Extra information to emphasize a point, remind the reader of something, orprovide an alternative method

Tip: Best practice information

Caution: Important advice to protect your computer system, software installation,network, business, or data

Warning: Critical advice to prevent bodily harm when using a hardware product


Find product documentationOn the ServicePortal, you can find information about a released product, including productdocumentation, technical articles, and more.

Task1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

2 In the Knowledge Base pane under Content Source, click Product Documentation.

3 Select a product and version, then click Search to display a list of documents.

PrefaceFind product documentation


https://support.mcafee.com

1 Introduction

McAfee®

Quarantine Manager (MQM) consolidates the quarantine and anti-spam managementfunctionality of multiple McAfee products.

Managing quarantined itemsMQM provides a central point to analyze and act on quarantined emails and files that are identified asspam, phish, viruses, potentially unwanted programs, or other unwanted content.

When incoming email messages pass through email processing or scanning products, the productssearch the messages for unwanted content. Depending on the search results, the processing andscanning products forward the message to the mail server, delete the message, or forward it to theMQM server.

Figure 1-1 MQM supported products workflow

Item Definition

1 McAfee processing or scanning product, such as McAfee® Email Gateway and McAfee® Securityfor Microsoft Exchange (MSME)

2 Mail server

3 MQM server

1


1 IntroductionManaging quarantined items


DeploymentBefore you deploy MQM on your network, consider your options and createyour deployment plan.

Chapter 2 Deployment optionsChapter 3 Plan your deployment


Deployment


2 Deployment options

MQM offers several options to meet your deployment needs.

Contents Types of installations Types of interfaces Types of administrators Levels of authentication

Types of installationsMQM offers three types of installations.

Virtual installationInstall MQM on a virtual server to allow for multiple installations of MQM to run on the same system.

You can install MQM and the database as a virtual machine and host it on a VMware ESX server.

When you install the VMware ESX server on a physical server, you can add separate virtual machinesfor MQM and other supported McAfee products.

2


The supported email scanning product receives email messages from resources outside of thenetwork, such as the Internet. The scanning product scans each message for viruses, spam, and otherunwanted content. If the message is free from unwanted content, the messages are routed to thenetwork mail server. If the message contains any unwanted content, then the message is routed toMQM.

Figure 2-1 Virtual environment

Item Description

1 Virtual machine 1, which includes supported McAfee email scanning product.

2 Virtual machine 2, which includes:• MQM server

• Database

3 VMware ESX server

4 Physical server

2 Deployment optionsTypes of installations


Installing MQM with McAfee ePOMQM installs as a McAfee

®

ePolicy Orchestrator®

(McAfee ePO™

) extension, which allows you to managethe MQM server and client systems from the McAfee ePO interface.

When you integrate MQM with McAfee ePO, you install MQM on the McAfee ePO server. McAfee ePOthen deploys the MQM packages and extensions on client computers.

Figure 2-2 MQM and McAfee ePO integration

Item Definition

1 McAfee ePO server

2 Client computer

The system running MQM also requires McAfee®

Agent. McAfee Agent runs on every system managedby the McAfee ePO server and is responsible for collecting and sending McAfee ePO information aboutMQM installations, policies, and events.

For more information on McAfee ePO, see the McAfee ePolicy Orchestrator Installation Guide andMcAfee ePolicy Orchestrator Product Guide.

Installing MQM in a cluster environmentTo make sure that MQM is always available, you can install MQM in a cluster environment.

When you set up a cluster environment with two servers, also known as nodes, you can install MQMon both nodes and configure them to share data. The common MQM configuration data resides on theshared drive.

If failure occurs on the active node, where MQM is running, the services automatically transfer to thepassive node. When a failover operation is in progress, administrators receive an email notification.

Deployment optionsTypes of installations 2


Example: The active node disconnects from the network for routine maintenance. The services fromthe disconnected active node automatically transfer to the passive node.

Figure 2-3 Two-node cluster environment

Item Definition

1 Active node

2 Passive node

3 Shared drive

Types of interfacesMQM is comprised of web-based and mobile interface portals designed specifically for administratorand user needs.

Web-based interfacesMQM is comprised of two web-based interface portals.

Administrator interface — Provides administrators with a single, central point for configuring andmanaging MQM

User interface — Users log on with their credentials to access and manage these settings:

• Quarantined email information

• Spam submissions

2 Deployment optionsTypes of interfaces


• Blacklist and whitelist

• Account settings

Mobile interfaceUsers can view the user interface on their mobile device to manage quarantined email messages.

Table 2-1 Mobile user interface actions

Action Definition

When applied, MQM completes these actions:• Adds the sender email address to the blacklist

• Deletes the email message

When applied, MQM completes these actions:• Adds the sender email address to the whitelist

• Releases the email message

Deletes the email message.

Releases the email message.

Types of administratorsTo manage the MQM server, MQM uses role-based access to assign different sets of administratorpermissions.

Contents Super Administrator Domain Administrator Operator

Super AdministratorYou create the Super Administrator account when you install MQM and log on to the web-basedadministrator interface.

The Super Administrator can access and manage all configurable MQM settings, including:

Deployment optionsTypes of administrators 2


• Administrator roles and permissions • Task management

• Domain management • User submissions

• User accounts • General maintenance

• Quarantined items

You can also create the Super Administrator alias, which is a peer to the Super Administrator. A SuperAdministrator alias is unable to create another Super Administrator alias.

Domain AdministratorThe Domain Administrator manages their assigned domain, which is configured in MQM.

Administrators that manage the domain can add blacklists and whitelists for the groups assigned.

You can also create the Domain Administrator alias, which is a peer to the Domain Administrator. TheDomain Administrator alias is unable to create another Domain Administrator alias.

OperatorOperators have similar rights and permissions as the Super Administrator.

Operators are unable to:

• View the body of quarantined email messages.

• Download or forward quarantined items.

• Modify administrator authentication.

Levels of authenticationDifferent levels of authentication modes are available for administrators.

• Directory Server Groups — Authenticates LDAP groups as administrators. When you assign administratorrights to LDAP groups, all the LDAP group users are automatically assigned administrator rights.

• Quarantine Manager Accounts — Administrators authenticated on the MQM server. The MQM server storesthe administrator logon information and executes the authentication.

• Single Sign on via HTTP header — Uses an HTTP header as the logon ID.

The Single Sign on via HTTP header mode is used when an external server completes authentication. Theexternal server forwards the request to MQM.

Administrator authentications can switch from one mode to another. When you switch authentication,the previous authentication and domain associations with administrators become invalid. You mustalso configure the Super Administrator account for the new authentication.

For example, you have MQM administering abc.com and xyz.com domains, and the authenticationmode is Quarantine Manager Accounts. You are also the Super Administrator with the [email protected] ID,and you assigned both domains to the [email protected] Domain Administrator.

When you switch to a different authentication mode, such as LDAP, all the administrator accounts anddomain assignments become invalid.

2 Deployment optionsLevels of authentication


When you create new administrators and assign domains under new authentication, the administratorconfiguration under Quarantine Manager Accounts remains deactivated. The administrators and domainsremain on the server.

Deployment optionsLevels of authentication 2


2 Deployment optionsLevels of authentication


3 Plan your deployment

Before you install MQM, verify that you have everything you need, and that your environment meetsthe minimum system requirements.

Contents Requirements Deployment checklist

RequirementsTo ensure that your deployment is successful, your environment must meet the minimumrequirements.

Important considerations

• You must install MQM on a dedicated machine without any other McAfee products, mail servers, orsimilar applications installed, including:

• McAfee Security for Microsoft Exchange

• McAfee ePO

• MQM uses Microsoft Cluster Services to install MQM in a two-node cluster environment.

• We recommend that you use a minimum 1024 x 768 pixel screen resolution.

• MQM supports up to 200,000 users.

Table 3-1 Requirements

Component Requirement

Server-classoperating system

Install MQM on any of these 64-bit server-class operating systems:• Microsoft Windows 2008 Server R2 SP1

• Microsoft Windows Server 2012

• Microsoft Windows Server 2012 R2

VMware MQM supports these versions of VMware:• 5.0

• 5.1

• 5.5

3


Table 3-1 Requirements (continued)


Databases MQM supports these databases:• MariaDB 10.0.20 (available in the MQM download package)

• Microsoft SQL Server 2008

• Microsoft SQL Server 2008 R2


• When you use Microsoft SQL Server as the database, ensure theSQL Native Client driver is installed on the MQM system.

• Ensure that you install the MariaDB for MQM on a drive withenough free space.

• The available free space should be at least 150% of the currentdatabase size at all times.

• MQM supports a maximum database size of 500 GB.

Directory MQM supports these directory services:• Microsoft Active Directory • OpenLDAP

• IBM Domino Directory • Sun Java System DirectoryServer

• Novell eDirectory

Hardware memory 2 GB available RAM

Disk space 160 GB with NTFS file system

Networkrequirements

100/1000 Mbps Ethernet card

Upgrades MQM supports these upgrades:• 7.0.1

• 7.0.1 Rollup1

• 7.1.0

• 7.1.0 Patch 1

Processor 2 virtual processors

Messaging servers MQM supports these messaging servers:• Novell GroupWise Mail

• Sun Java System

• Microsoft Exchange

Email clients MQM supports these email clients:• Microsoft Outlook 2007 • IBM Lotus Notes 7.0

• Microsoft Outlook 2010 • Novell Groupwise

• Microsoft Outlook 2013 • Sun Java Convergence

• Microsoft Outlook Express

3 Plan your deploymentRequirements


Table 3-1 Requirements (continued)


McAfee products MQM supports these McAfee products:• McAfee Email Gateway

• McAfee Security for Microsoft Exchange

• McAfee Security for Lotus Domino (Windows and Linux)

• McAfee® Email and Web Security 5.6 (RPC Channel only)

• McAfee® ePolicy Orchestrator® (McAfee ePO™) 5.1.3 and 5.3.1

Internet browsers Web-based components require one of these supported Internet browsers:• Microsoft Internet Explorer 9.0, 10.0, and 11.0

• Mozilla Firefox 17 and later

• Google Chrome 40 and later

Mobile operatingsystem

You can access the MQM user interface and mobile digest from these mobileoperating systems:• Apple iOS 8.3

• Android OS 4.4.2

Windows component Internet Information Service 6.0 (IIS) and later

Communication ports • We recommend that you do not change the default communication protocoland port between MQM and McAfee products.

• You can use HTTP on port 80 or legacy non-HTTP on port 49500.

• Open port 80 or 49500 for both directions on any firewalls between MQMand McAfee products.

Deployment checklistTo make sure that your network is ready to install MQM, review the deployment checklist.

Determine... Verified

If your environment meets all minimum requirements

The location of the network server where you plan to install the MQM software

If you have administrator rights on all servers you intend to use

If you plan to install the MQM software for high availability. For high availability, do thefollowing:• Determine which servers to include in the cluster.

• Gather the IP addresses for each server.

• If you have firewalls running on the server in your cluster, you must open the ports usedfor communication.

If you plan to deploy MQM and the database as a virtual machine

Plan your deploymentDeployment checklist 3


Determine... Verified

That you install these databases on a computer where no other database product isinstalled:• MariaDB for McAfee Quarantine Manager


• Microsoft SQL Server 2008 R2


If you want to use the Microsoft SQL Server 2008 or 2012 that is installed on a differentcomputerIf so, ensure that the Microsoft SQL Server Native Client is installed on the MQM server.

The authentication level you want to use to access the administrator and user interfaces

Which users to assign these administrator roles:• Super Administrator

• Domain Administrator

• Operator

That MQM can communicate over the network with connected McAfee products

3 Plan your deploymentDeployment checklist


SetupInstall the MQM software on your computer, and complete thepost-installation tasks.

Chapter 4 InstallationChapter 5 Integrating MQM with McAfee ePOChapter 6 Post-installation tasks


Setup


4 Installation

Prepare your installation environment and install MQM on its own, or in a cluster environment.

Contents Prepare your installation environment Download the product files Install or upgrade the product files Configure a cluster on a Windows server

Prepare your installation environmentSet up the appropriate database environment for your MQM installation.

Configure the Microsoft SQL Server databaseConfigure the settings for the existing Microsoft SQL Server database for MQM.

Task1 On the SQL Server, enable Mixed mode authentication.

2 Create a database user with Server Role as sysadmin.

3 Create a blank database to use with MQM, and assign the user you created as the owner of thedatabase.

4 Install Microsoft SQL Server Native Client on the MQM server.

Install MariaDB for MQMYou can install MariaDB for MQM and MQM on two different servers or on the same server.

Task1 From the MariaDB for McAfee Quarantine Manager directory, extract the .zip file to a temporary directory,

then click SETUP.EXE.

2 Click Next and follow the on-screen instructions.

3 In the Database Server Settings dialog box, specify these configuration settings for MariaDB for McAfeeQuarantine Manager:• Username — The default user name is root.

• Password — The default password is root.

• Database name — The default database name is mqm.

4


• Port number — The default port number is 3306.

• MQM Super Administrator Username and Password — The default user name is [email protected] andthe default password is super123.

4 In the Ready to Install dialog box, click Next.

5 Click Finish.

Configure MariaDB for Linux or Microsoft WindowsConfigure the parameters for the existing MariaDB 10.0.20 database.

Add the following parameters in the "MY.CNF" / "MY.INI" file:

Parameter Value

default_storage_engine InnoDB

lower_case_table_names 1

max_allowed_packet At least 150 M (where M represents MB)

max_connections At least 100

innodb_file_per_table 1

The following parameter settings are recommended.

Parameter Value

max_allowed_packet 1024 M (where M represents MB)

max_connections 500

innodb_flush_log_at_trx_commit 0

innodb_support_xa 0

innodb_locks_unsafe_for_binlog 1

innodb_doublewrite 0

• All "innodb_*" parameters must be uncommented.

• External MariaDB database on Linux and Microsoft Windows is supported only withInnoDB engine.

Download the product filesDownload the MQM product files from the McAfee Downloads page.

Task1 Go to the McAfee Downloads page.

2 Enter your grant number, then click Go.

3 Go to Quarantine Manager, and select the version.

4 Download the appropriate installation file.

4 InstallationDownload the product files


http://www.mcafee.com/us/downloads/downloads.aspx

Install or upgrade the product filesTo complete the installation, install or upgrade the MQM product files on your supported server-classoperating system.

Install the product filesInstall the MQM product files on your computer.

Task

1 Locate and unzip the downloaded MQM product files.

2 Double-click the MQM setup.exe file.

3 Follow the on-screen command prompts.

4 Enter the port number that IIS uses to hosts the MQM web-based interface.

The default value is 80.

5 Click Finish.

6 To restart the computer, click Yes.

Upgrade to the latest version of MQM Upgrade the previous version of the MQM software to the latest version.

Tasks

• Upgrade the MQM product files on page 29Upgrade the MQM product files to the latest version.

• Upgrade MySQL for MQM to MariaDB for MQM on page 30Upgrade the MQM database to the latest version.

Upgrade the MQM product filesUpgrade the MQM product files to the latest version.

Task

1 Stop the MQM service.

2 Back up the database.

3 Start the MQM service.

4 Install the latest version of MQM.

The database is automatically migrated.

When you log on to MQM during database migration, the following message appears:

Migration of database is in progress. Please try after some time. Migration Status: <Y>out of <X> tables completed.

5 To make sure the interface displays correctly, clear the browser cookies and temporary Internetfiles, then restart the browser.

See also Back up the database on page 86

InstallationInstall or upgrade the product files 4


Upgrade MySQL for MQM to MariaDB for MQMUpgrade the MQM database to the latest version.

Task1 Stop the MQM service.

2 From the command prompt, go to the MySQL installation folder, navigate to the bin directory, andexecute the following command:

mysqldump --complete-insert -n --add-drop-table -R <Database> -u<DatabaseUser> -p<DatabaseUserPassword> -r“<BackupLocation>” --max-allowed-packet=1024MFor example, if these are your variables:

• Database name — mqm

• User name — root

• Password — dbase

• Backup location — C:\Backups\MQM\MQMBackup.sql

Use the following command:

mysqldump --complete-insert -n --add-drop-table -R mqm -u root -pdbase -r "C:\Backups\MQM\MQMBackup.sql" --max-allowed-packet=1024M

3 Uninstall MySQL for MQM, then install MariaDB for MQM.

4 In the my.ini file, change the innodb_log_file_size parameter to 256M.

a From the MariaDB installation directory, open the data folder, then open the my.ini file forediting.

b Locate the [mysqld] section, change the innodb_log_file_size parameter value to 256M, thensave the file.

5 Restart MariaDB for MQM.

6 From the command prompt, go to the bin directory in the MariaDB installation folder and executethe following command:

mysql -e "source <CompletePathofBackupFile>" -u<DatabaseUser> -p<DatabaseUserPassword> --max_allowed_packet=1024M --default-character-set=utf8 <Database>For example, if these are your variables:

• Database name — mqmv7





mysql -e "source C:\Backups\MQM\MQMBackup.sql" -uroot -pdbase --max_allowed_packet=1024M --default-character-set=utf8 mqmv7

4 InstallationInstall or upgrade the product files


7 Start the MQM service, then log on and verify that:

• The data migration was successful

• Users can log on to MQM

8 In the my.ini file, edit the innodb_log_file_size parameter to 32M.

a From the MariaDB installation directory, open the data folder, then open the my.ini file forediting.

b Locate the [mysqld] section, change the innodb_log_file_size parameter value to 32M, thensave the file.

9 Restart MariaDB for MQM.

See also Configure the database on page 41Test the installation on page 41

Configure a cluster on a Windows serverSet up a cluster environment with MQM running on a Windows 2008 R2 SP1, Windows 2012, orWindows 2012 R2 server.

Task1 Perform the full installation process on both nodes.

2 Click Start | Administrative Tools | Failover Cluster Manager.

3 Right-click Services and applications, then select Configure a Service or Application.

4 Configure the High Availability Wizard options.

a Select Select Service or Application | Other Server, then click Next.

b On the Client Access Point page, enter the Name and IP Address to access the MQM resources, thenclick Next.

c On the Select Storage page, select the storage that MQM uses to store shared data, then click Next.

d On the Select Resource Types page, select McAfee MQM Cluster Framework, then click Next.

e Configure the remaining options, then click Finish.

5 From the console tree, select the cluster.

6 On the MQM clustering service Summary page, right-click New McAfee MQM Cluster Framework and selectProperties.

a On the New McAfee MQM Cluster Framework Properties window, click the Properties tab.

b In the Value column, enter the shared drive location for the Shared_Data_Drive.

c Click the Policies tab.

d Enter the Maximum restarts in the specified period value.

e Select If restart is unsuccessful, failover all resources in this service or application.

InstallationConfigure a cluster on a Windows server 4


f Click the Dependencies tab and verify that the appropriate dependencies appear.

g Click OK.

4 InstallationConfigure a cluster on a Windows server


5 Integrating MQM with McAfee ePO

McAfee ePO provides a scalable platform for centralized policy management and enforcement on yourMcAfee security products and systems where they reside. It also provides comprehensive reportingand product deployment capabilities, all through a single point of control.

McAfee recommends that you are familiar with the McAfee ePO software before you start theintegration.

This guide does not provide detailed information about installing or using McAfee ePO software. See theePolicy Orchestrator Product Guide and the ePolicy Orchestrator Installation Guide.

Contents Install MQM onto your McAfee ePO server Deploy the McAfee Agent onto your client computers Deploy the MQM packages Install the MQM extensions Configure policies Configure reports Configure tasks

Install MQM onto your McAfee ePO serverExtract the MQM package onto your McAfee ePO server.

Task1 Log on to the McAfee ePO server as an administrator.

2 Create a temporary directory on your local drive.

3 Extract these MQM package folders to a temporary directory.

• McAfee Quarantine Manager

• MariaDB for McAfee Quarantine Manager

• ePO

From the ePO folder, use the policies, reports, and Help .zip files to install the McAfee ePOextensions.

5


Deploy the McAfee Agent onto your client computersMcAfee Agent is the distributed component of McAfee ePO that you must install on each networksystem that you want to manage.The agent collects and sends information to the McAfee ePO server. It also installs and updates theendpoint products, and applies your endpoint policies. McAfee ePO manages only systems that havethe McAfee Agent installed.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Log on to the McAfee ePO server as an administrator.

2 Click Menu | Systems | System Tree.

3 On the Systems tab, select This Group Only from the Preset drop-down list.

If the group does not have systems, but has subgroups with systems, select This Group and AllSubgroups from the Preset drop-down list.

4 Select one or more systems from the list, then click Actions | Agent | Deploy Agents.

5 On the Deploy McAfee Agent page, verify the settings, then click OK.

It takes a few minutes for the McAfee Agent to install and for client systems to retrieve andexecute the installation packages for the endpoint products. When first installed, the agentdetermines a random time within 10 minutes for connecting to the McAfee ePO server to retrievepolicies and tasks.

There are many other ways to deploy the McAfee Agent. For more information, see the ePolicyOrchestrator Product Guide or online Help.

Deploy the MQM packagesDeploy MQM packages on client computers to manage them using McAfee ePO.

Check in the MQM packagesCheck in the MQM and MariaDB for MQM packages to the McAfee ePO Master Repository.



2 Click Menu | Software | Master Repository.

3 Check in the MQM package.

a On the Packages in Master Repository page, click Actions | Check In Package.

b On the Check in Package page, select Product or Update as the Package type.

c Click Browse, then navigate and select the MQM server .zip file.

d Click Next.

e On the Package Options page, verify that the information is correct, then click Save.

5 Integrating MQM with McAfee ePODeploy the McAfee Agent onto your client computers


4 Check in the MariaDB for MQM package.

a On the Packages in Master Repository page, click Actions | Check In Package.

b On the Check in Package page, select Product or Update as the Package type.

c Click Browse, then navigate and select the MQMDB.zip file.

d Click Next.

e On the Package Options page, verify that the information is correct, then click Save.

Deploy the MariaDB for MQM componentAdd the MariaDB for MQM component to McAfee ePO-managed client computers.

Tasks

• Deploy the MariaDB for MQM component using McAfee ePO on page 35Use the McAfee ePO interface to add the MariaDB for MQM component.

• Deploy the MariaDB for MQM component using the command line on page 35To deploy the MariaDB for MQM with the command line using customized values, enter theparameters separated by a space.

Deploy the MariaDB for MQM component using McAfee ePOUse the McAfee ePO interface to add the MariaDB for MQM component.




3 Select the system, then click Actions | Agent | Run Client Task Now.

4 Configure the task options.

a On the Product list, select McAfee Agent.

b On the Task Type list, select Product Deployment.

c Click Create New Task.

5 Select the Target platforms.

6 Configure the Products and components options.

a From the drop-down list, select MariaDB for McAfee Quarantine Manager.

b From the Action drop-down list, select Install.

7 Click Run Task Now.

8 When the task completes, click Close.

Deploy the MariaDB for MQM component using the command lineTo deploy the MariaDB for MQM with the command line using customized values, enter the parametersseparated by a space.

For example: INSTALLDIR="C:\MariaDB" SUPERID="[email protected]"SUPERIDPWD="superduper123"

Integrating MQM with McAfee ePODeploy the MQM packages 5


Table 5-1 Command line parameters

Parameter Example Description

INSTALLDIR INSTALLDIR="C:\MariaDB" Installs MariaDB in the specified folderlocation

MYSQLUSER MYSQLUSER="root123" Sets the MariaDB user name

MYSQLPASSWORD MYSQLPASSWORD="root123" Sets the MariaDB password

MYSQLDBNAME MYSQLDBNAME="mymqm" Sets the MariaDB database name

MYSQLPORT MYSQLPORT=3361 Sets the MariaDB port number

SUPERID SUPERID="[email protected]" Sets the Super Administrator email address

SUPERIDPWD SUPERIDPWD="superduper123" Sets the Super Administrator password

Deploy MQM on client computersPerform a standard installation on your client computers using MQM default settings.

Tasks• Deploy MQM on client computers using McAfee ePO on page 36

Use the McAfee ePO interface to perform a standard installation on your client computers.

• Deploy MQM on client computers using the command line on page 36To deploy MQM using the command line, enter the parameters separated by a space.

Deploy MQM on client computers using McAfee ePOUse the McAfee ePO interface to perform a standard installation on your client computers.




3 Select the system, then click Actions | Agent | Run Client Task Now.

4 Configure the task options.

a On the Product list, select McAfee Agent.

b On the Task Type list, select Product Deployment.

c Click Create New Task.

5 Select the Target platforms.

6 Configure the Products and components options.

a From the drop-down list, select McAfee Quarantine Manager.

b From the Action drop-down list, select Install.

7 Click Run Task Now.

8 When the task completes, click Close.

Deploy MQM on client computers using the command lineTo deploy MQM using the command line, enter the parameters separated by a space.For example: INSTALLDIR="C:\MQM" REBOOTREQUIRED=1

5 Integrating MQM with McAfee ePODeploy the MQM packages


Table 5-2 Command line parameters

Parameter Example Description

INSTALLDIR INSTALLDIR="C:\MQM" Installs MQM in the specified folder location.

REBOOTREQUIRED REBOOTREQUIRED=1 Restarts the client computer after installation.

Install the MQM extensionsInstall MQM extensions on client computers to manage them using McAfee ePO.



2 Click Menu | Software | Extensions | Install Extension.

3 Install the MQM policy extension.

a On the Install Extension dialog box, click Browse.

b Locate and select the MQM policies .zip file, then click OK.

When you use McAfee ePO to manage more than one MQM server, we recommend that youassign a separate database configuration policy to each server. Assigning a separateconfiguration policy avoids conflict between the servers connected to the same database.

4 Install the MQM reports extension.


b Locate and select the MQM reports .zip file, then click OK.

5 Install the MQM Help extension.


b Locate and select the MQM Help .zip file, then click OK.

Configure policiesYou can use the McAfee ePO console to enforce policies across groups of computers or on a singlecomputer.

These policies override configurations set on individual computers. For information about policies andhow they are enforced, see the McAfee ePolicy Orchestrator Product Guide.

Before configuring any policies, select the group of computers where you want to change MQMpolicies. You can change MQM policies from the pages and tabs that are available in the details pane ofthe McAfee ePO console. These pages resemble those you can access from the MQM administratorinterface.

After you change the appropriate policies and save the changes for the intended computer or group ofcomputers, you are ready to deploy new settings via the McAfee Agent.

Integrating MQM with McAfee ePOInstall the MQM extensions 5


Tasks• Create policies on page 38

Create the policies that you deploy to groups of computers, or to a single computer.

• Enforce policies on page 38Enforce a policy to multiple managed systems within a group.

Create policiesCreate the policies that you deploy to groups of computers, or to a single computer.




3 Click the Assigned Policies tab.

4 From the Product drop-down list, select McAfee Quarantine Manager.

5 Locate the policy and click Edit Assignment.

6 Create and configure the policy options.

a Click New Policy.

b From the Create a policy based on this existing policy drop-down list, select the policy that you want toduplicate.

c Enter the Policy Name, then click OK.

Enforce policiesEnforce a policy to multiple managed systems within a group.




3 Click the Assigned Policies tab, then select McAfee Quarantine Manager from the Product drop-down menu.

4 Click Edit Assignment next to the policy Category you want to enforce.

5 From the Assigned policy drop-down menu, select the policy, then click Save.

6 Click the Systems tab, then select the system.

7 Send an agent wake-up call.

a Click Actions | Agent | Wake Up Agents.

b On the Wake Up McAfee Agent page, select Agent Wake-Up Call as the Wake-up call type.

c Enter a Randomization period between 0–60 minutes, which is the amount of time for systems torespond to the wake-up call.

5 Integrating MQM with McAfee ePOConfigure policies


d Select Get full product properties in addition to system properties.

e Click OK.

To view the status of the agent wake-up call, click Menu | Automation | Server Task Log.

Configure reportsUse predefined queries in McAfee ePO to generate visual representations of the MQM data.

McAfee ePO has its own querying and reporting capabilities, and includes a set of default queries.However, you can duplicate and manage all predefined MQM queries.



2 To edit a predefined query, open the query in the Query Builder.

a Click Menu | Reporting | Queries & Reports.

b On the Query tab, select the MQM query, then click Edit.

c On the Query Builder page, click Others from the Feature Group list.

d Select the result type, then click Next.

3 Select the query layout.

a From the Display Results as menu, select the layout.

b Configure the remaining layout options, then click Next

4 Select the query columns.

a From the Available Columns menu, select the columns to apply to your query.

b In the Selected Columns configuration area, select, drag, and position each column.

c Click Next.

5 On the Filter page, select the properties and operators that limit the query data.

6 From the Available Properties menu, select the properties and configure the corresponding values, thenclick Run.

7 Save the query.

a Click Save.

b On the Save Query page, enter the Query name, add any notes, and select the Query Group.

c Click Save.

Integrating MQM with McAfee ePOConfigure reports 5


Configure tasksView, manage, and schedule tasks, which are configurable actions that are performed at convenienttimes.

There are certain tasks you must complete on a regular basis. For example, schedule a task toautomatically purge the MQM database and remove old quarantined items.



2 Click Menu | Policy | Policy Catalog.

a From the Product drop-down list, select McAfee Quarantine Manager.

b From the Category drop-down list, select Task Manager.

c Click on the policy that you want to manage.

3 Click Add.

4 On the Add window, configure the options, then click OK | Save.

5 Integrating MQM with McAfee ePOConfigure tasks


6 Post-installation tasks

To complete the installation, complete the post-installation tasks.

Contents Test the installation Configure the database Configure certificates for secure SMTP communication Configure the configuration push interval Define administrators Rebrand MQM Customize the user interface URL

Test the installationVerify the connection between MQM and other McAfee products.

When you enable the Use HTTP to communicate with the MQM server (MQM v6 and greater) option on your McAfeeEmail and Web Security Appliance, the Test option cannot verify connectivity.


1 Click Start | All Programs | McAfee | Quarantine Manager | Administrator UI.

2 On the McAfee Quarantine Manager Administrator Log On page, log on to the Super Administrator accountthat you specified during installation.

3 Log on to the administrator interface.

4 Click Dashboard | Quarantined.

5 Click the Connected McAfee Products tab, then click Test.

Configure the databaseConfigure a supported external database and check that MQM can connect to it.

Task1 Click Start | All Programs | McAfee | Quarantine Manager | DB Management UI.

2 On the McAfee Quarantine Manager Administrator Log On page, click Configure Database.

3 On the Authentication Required page, enter the credentials, then click OK.

6


4 On the Database Configuration page, configure the options.

a From the Database Type drop-down list, select the type of database that you want to use.

b In the Database Server field, enter the database server IP address or host name.

For SQL Server, specify named instances in the Server\Namedinstance format.

c In the UserName field, enter the database user name that MQM uses to connect to the databaseserver. The user name must have write permissions for the database defined under DatabaseName.

d In the Password field, enter the password.

e In the Database Name field, enter the database name.

f In the Database Port field, enter the port number that MQM uses to connect to the database server.

g To connect to the database using the default port, select Use default port.

h To erase all data from the database and create a database schema, select Create Quarantine Managerschema, then enter the email address and password.

Schema is the structure of the database that defines the objects in the database. It defines thetables, the fields, indexes, and procedures.

5 Click Test.

6 When the database configuration is successful, click Apply.

Configure certificates for secure SMTP communicationConfigure certificates for the secure (TLS) SMTP communication.

To install on the SMTP server, the Transport Layer Security (TLS) communication needs a validcertificate signed by a valid CA (certificate authority). MQM must have the CA certificate installedwhen the TLS option is enabled for sending emails.

Ensure that the certificate is PEM format.

Task1 In the MQM installation directory, navigate to \bin\certs.

2 Create a file. Use the name ca.pem.

3 Open the CA certificate file and copy the contents to ca.pem.

If you have certificates from different CAs, copy the contents of all the CA certificates to the ca.pemfile.

Configure the configuration push intervalPush configuration changes to products connected to MQM.The configuration push is completed at regular intervals. You can specify the minimum intervalbetween the configuration updates on the connected McAfee products.

6 Post-installation tasksConfigure certificates for secure SMTP communication




2 Select Settings and Diagnostics | Communications | Advanced.

3 In the Configuration Push Interval (seconds) field, enter the interval.

The default is 14400.

Define administratorsCreate and assign administrator roles to network users.

Use LDAP groups as MQM administratorsAssign administrator rights to LDAP group users.LDAP groups are defined on the LDAP server. When groups on the LDAP server are defined to act asthe administrator, any user belonging to the group can act as the administrator.

• MQM does not support nested LDAP groups to act as administrators.

• For Active Directory, log on to the computer as the group member user that you want toact as an administrator.



2 Configure the LDAP server.

a Click Settings and Diagnostics | Communications | LDAP Server.

b Configure the LDAP server settings, then click Add.

3 Click Administrator Management | Manage Administrator | Administrator Authentication.

4 Select Directory Server Groups and click Next.

5 Select the group.

6 When prompted to confirm, click Yes.

The Administrator Authentication settings are changed, and you are logged out.

7 To log on with new credentials, select Click Here.• For all LDAP groups except Active Directory, specify the logon credentials.

• For Active Directory, you automatically log on using the current Windows account.

• Super Administrators can assign LDAP groups to act as Operator and DomainAdministrators.

• The Alias role is not applicable for Directory Server authentication.

Post-installation tasksDefine administrators 6


Create administrators with restricted rightsCreate Domain Administrator accounts and assign administrator rights.



2 Click Administrator Management | Manage Administrator | Add New Account.

3 On the Account Role and Details page, select the Account Role, then enter the Account Details.

4 Click Next.

5 On the Visible Quarantine Queues page, select the queues, then click Next.

To include all child queues, select the parent category .

6 On the Management Privileges page, select the administrator rights.

To grant all rights, select All Privileges.

By default, all rights are enabled.

7 Click Finish.

If the Administrator does not have permissions, the deselected options are hidden. For example,when you deselect Generate reports, the Administrator is unable to view these administrator interfacefeatures:

• Graphical Reports link

• Reports tab on the Dashboard page

Rebrand MQMUse the MQM rebranding kit to customize the colors and text on the administrator interface.

Task1 Open the Rebrand folder.

Example: C:\Program Files (x86)\McAfee\Quarantine Manager\AdminUI\Rebrand

2 Open and edit the Rebrand file.

3 Add your company logo.

a Resize your company logo to a 3:1 aspect ratio.

b Locate the LogoImagePath line.

6 Post-installation tasksRebrand MQM


c Remove ../Rebrand.logo.gif, then enter ../Rebrand/<your_logo>.gif.

• You can use any image format that a web browser can render.

• Do not delete the existing logo.gif file.

• Do not place the logo file outside the MQM AdminUI folder. Instead, enter the relativepath from the MQM AdminUI folder.

• Do not use a logo image more than 1 MB in size.

4 Add your corporate colors.

Make sure you use only a valid color code that your browser can interpret. Invalid color codes cancause scripting errors, which causes the interface to not render properly.

a On the TitlebarColor line, remove #B00C33, then enter the color code.

b On the TopLinkBarColor line, remove #000000, then enter the color code.

5 Add your company and product names.

To avoid distorting the title bar, the length of the combined company and product names must notexceed 100 characters.

a On the CompanyName line, remove McAfee, then enter your company name.

b On the ProductName line, remove Quarantine Manager, then enter Quarantined Mail Store.

6 Save your changes and close the window.

Customize the user interface URLBy default, the MQM URL that is referred to in email communications (such as digest email andpassword reminders) contains a fully qualified domain name in the http://<yourdomain>/MQMUserUIformat. To meet your network needs, you can change the user interface URL.



2 Select Settings and Diagnostics | Advanced Settings | Settings.

3 In Email Notifications Related, select Customize Server URL.

4 Configure the options, then click Apply.

Post-installation tasksCustomize the user interface URL 6


6 Post-installation tasksCustomize the user interface URL


Configuration and useUse the MQM interface components to configure your quarantine options.

Chapter 7 Configuring domainsChapter 8 Configuring user accountsChapter 9 Managing quarantined itemsChapter 10 Configuring tasksChapter 11 Managing user submissionsChapter 12 Configuring and using the user interfacesChapter 13 Configuring blacklists and whitelistsChapter 14 Reporting


Configuration and use


7 Configuring domains

To add your network users to MQM, you must register your network domains.

Contents Create a domain Assign domains to Domain Administrators Assign domains to groups Change domain configuration settings

Create a domainCreate a domain to store domain-based quarantined items.



2 Select Admininistrator Management | Manage Domains.

3 Enter the Domain Name, then click Add.

• The Domain Name must not exceed 61 characters, and can contain letters, numbers, and dots.

• MQM does not support wildcards and subdomains are explicitly registered.

4 Click Quarantine Management | Quarantined Items.

Items quarantined by the supported McAfee product are listed under View Results.

5 Click Quarantined Items, then select the domain name from the drop-down list to view the quarantinedemails for the domain.

Tasks• Export and import domains on page 49

Use MQM to export users from one email domain, then import them into another.

Export and import domainsUse MQM to export users from one email domain, then import them into another.

Adding all email domains that your organization manages is mandatory for various MQM features,such as email digests and user access.

When an item is quarantined from a domain that is unregistered, it is grouped under Others.

7


Tasks

• Create the domain export file on page 50To export one or more domains registered in MQM to a specified location, create an exportfile.

• Import domains on page 50Import domains from .csv or .txt files.

Create the domain export fileTo export one or more domains registered in MQM to a specified location, create an export file.



2 Click Administrator Management | Manage Domains | Import / Export Domains.

3 From the Managed Domains List, select one or more domains, then click Export.

Multiple domains are exported in a single text file.

4 On the File Download window, click Save.

Import domainsImport domains from .csv or .txt files.



2 Click Administrator Management | Manage Domains | Import / Export Domains.

3 To locate the file, enter the File Path, or click Browse.

4 Click Import.

MQM generates a report of successful or failed imported domains. All domains are listed in the ManagedDomains List.

Assign domains to Domain AdministratorsTo delegate quarantine management tasks for domains, create a Domain Administrator and assign thedomains.



2 Click Administrator Management | Manage Domains.

3 From the Managed Domains List, select the domain, then click Assign Administrator.

To assign only one domain to the Domain Administrator, click Assign on the Domain Admin column.

7 Configuring domainsAssign domains to Domain Administrators


4 On the Assign Admin configuration area, select the administrators from the Administrators List, then clickAdd.

5 Click Assign.

• When a single domain is assigned, the previously assigned administrators are automaticallypopulated in the Assigned Administrator(s) List.

• When multiple domains are assigned, the Assigned Administrator(s) List remains empty.

Assign domains to groupsAssign domains to groups that are registered in connected McAfee products.




3 From the Managed Domains List, select the domain, then click Modify/View.

4 On the Assign Groups page, select one or more groups from the Groups List, then click Add.

5 Click Assign.

When you click Remove, the group is assigned to the Super Administrator.

Change domain configuration settingsChange the configuration options for one or more domains.




3 From the Managed Domains List, select one or more domains, then click Modify Configuration.

4 For each detection, select and configure the User and Queue Settings.

5 Configure the Mail Settings options that set the parameters for the mail server to facilitatecommunication with domain users.

a In the Server Name / IP Address field, enter the host name or IP address of the domain mail server.

b In the Port field, enter the mail server port.

c To enhance the privacy of emails sent to the domain users, select Use TLS.

6 In Digest Settings, select Automatically register end-users from the quarantined database during Email Digest task.

7 Click the Templates tab, and configure the options.

8 Click Apply.

Configuring domainsAssign domains to groups 7


7 Configuring domainsChange domain configuration settings


8 Configuring user accounts

You can create and manage MQM user accounts using the administrator interface, or manage useraccounts defined on the LDAP server.

Contents Add users to MQM Create user accounts Register distribution lists Change user configuration settings

Add users to MQMTo create user accounts, you must register or import users to MQM.

Register users automaticallyConfigure the settings that allow users to automatically register using information available in thequarantine database.




3 Select the domain, then click Modify Configuration.

4 On the General tab, select Automatically register users from the quarantined database during Digest operation in DigestSettings.

The corresponding Recipient Check feature is enabled in the MQM connected products.

5 Click Apply.

Import users to MQMTo enable users to access their account on the user interface, import them to MQM.

Import users from LDAP serversImport users that are registered with LDAP servers.

Before you beginEnsure that the authorization mode is set to LDAP Server Accounts.

8




2 Click Settings and Diagnostics | Communications | LDAP Server.

Each LDAP server type has parameters that you must define to facilitate communication with theMQM server.

3 Enter the LDAP Setting Name.

4 Select the Server Type from the drop-down list, then configure the remaining options.

5 To check the connectivity, click Test.

6 To assign administrator rights to users on the LDAP server, synchronize the user list on the MQMLDAP server.

a Click End User Management | General.

b Configure the User Synchronization Settings.

7 To import users from the LDAP server, create a user synchronization task.

a Click Settings and Diagnostics | Task Manager.

b From the Task Type drop-down list, select User Synchronization.

c Specify when to run the task, enter the Task Name, then click Add.

See also Synchronize and register user lists on page 60

Import users from .csv or .txt filesRegister multiple users by importing a delimited text file containing the list of users. The supported fileformats are .csv and .txt.

Domains must be registered with MQM before you can add users.



2 Click End User Management | User Management | General.

3 Configure the User Import settings.

4 Click Create Users.

If you want to use multi-byte characters, the imported filed format must be UTF-8.

Import users from XML filesImport users and corresponding configuration settings from an XML file.

Domains must be registered withMQM before you can add users.

8 Configuring user accountsAdd users to MQM




2 Click Blacklists and Whitelists | Import and Export.

3 In the Import configuration area, click Browse, then select the XML file you want to import.

4 To merge the imported and previous user configurations, select Merge user configuration.

If you do not select this option, the user configuration is overwritten.

5 Click Import Configuration.

Create user accountsTo enable users to access their accounts on the user interface, create user accounts.

Task1 Click Start | All Programs | McAfee | Quarantine Manager | UserUI.

2 Click New user? Click here to register.

3 On the McAfee Quarantine Manager User Registration page, enter the user Email Address.

4 Click Register.

An email is sent to the user email address with the logon credentials.

Register distribution listsWhen emails are sent to distribution lists, MQM quarantines the email. MQM creates a copy of theemail and sends it to each user on the distribution list. When users receive the email, they canrelease, delete, or blacklist it.

Nested distribution lists are not supported.



2 Configure the LDAP server.

a Click Settings and Diagnostics | Communications | LDAP Server.

b Configure the LDAP server settings, then click Add.

3 Click End User Management | User Management | Distribution Lists.

4 Select the LDAP Setting Name from the drop-down list, then click Get List.

5 Select the distribution list, then click Register.

Configuring user accountsCreate user accounts 8


6 To pull the registered distribution list users to MQM, create a User Synchronization task.

a Click Settings and Diagnostics | Task Manager.

b From the Task Type drop-down list, select User Synchronization.

c Specify when to run the task, enter the Task Name, then click Add.

Change user configuration settingsChange the settings for MQM-registered users.



2 Click End User Management | User Management | Account Management.

3 To locate the users you want to change, configure the search options.

a In Include, select the user categories to include in the search.

b Select the first letter of the user account. For example, select K to search all accounts startingwith K.

To search for all user accounts, click All.

To search by the user email address, enter it in the Email address field, then click Search.

4 In the View Results list, select the user you want to change, then click Modify.

5 Configure the available options, then click Apply.

8 Configuring user accountsChange user configuration settings


9 Managing quarantined items

View all email messages that contain detected and quarantined potential threats.

Contents Search quarantined items Take action on quarantined items Manage user submissions

Search quarantined itemsView information about all quarantined email messages that contain potential threats. You can use thefilters to refine your search and find the quarantined items with the required information.




3 Configure up to three filters.

4 Click Search.

5 On the View Results grid, select the quarantine items.

6 From the More Actions drop-down list, select an option, then click Go.

Tasks• Perform a quick search on page 57

Perform a quick search for quarantined items.

Perform a quick searchPerform a quick search for quarantined items.



2 Click Dashboard | Graphical Reports | Quarantined | Quick Search.

3 From the Time Span drop-down list, select the time period.

9


4 Select the Domain.

To select domains that are not managed by the MQM server, select Others.

5 Configure the remaining options, then click Search.

Take action on quarantined itemsSelect quarantined items to release, delete, or blacklist. More advanced actions are also available.




3 On the View Results grid, select the quarantine items.


Manage user submissionsFind and manage the quarantined items that users submit to McAfee Labs for analysis.



2 Click Quarantine Management | User Submissions.

3 Configure the search settings.

a Configure up to three filters.

b Specify the time range.

c From the Queue drop-down list, select the submission type.

d To search by domain, select the Domain from the drop-down list.

4 Click Search.

5 On the View Results list, select the user submissions.


9 Managing quarantined itemsTake action on quarantined items


10 Configuring tasks

Tasks are configurable actions that MQM performs at specified times.

Contents When to run tasks Schedule digest emails Synchronize and register user lists Send status reports Synchronize distribution lists

When to run tasksYou can configure and schedule a task to run later, or run an urgent task immediately.

Certain tasks must be completed on a regular basis. For example, schedule a task to automaticallypurge the MQM database and remove old quarantined items.

When you use LDAP authentication, you must synchronize MQM with the users list defined in yourLDAP server. Also, you must perform user-based tasks immediately, which include:

• Immediately send a quarantine summary to a user.

• Delete user-quarantined items.

• Send an urgent email to a user from MQM.

Schedule digest emailsCreate a task that schedules the delivery of digest emails to all users. Digest emails include a list ofquarantined items for a specified time period, and detailed summaries of quarantined items, blacklists,and whitelists.

We recommend that you run the email digest task at least once per week.


1 Select Menu | Policy | Policy Catalog.



c Click the policy you want to manage.

10


2 In Task Type, select Email Digest, and click Add.

3 Enter the task name, choose how often you want to send digest emails, then click OK.

Synchronize and register user listsCreate a task that synchronizes the list of LDAP server users, and registers the users for MQM. Youcan also synchronize added or changed user accounts in the registered LDAP distribution lists.



2 Click Settings and Diagnostics | Task Manager | Scheduled Tasks.

3 From the Task Type drop-down menu, select User Synchronization.

4 Specify when to run the task.

5 Enter the Task Name.

6 Click Add.

On the Task successfully added message window, click OK.

7 Select Menu | Policy | Policy Catalog..




8 In Task Type, select User Synchronization, and click Add.

9 Enter the task name, choose how often you want to synchronize users, then click OK.

When you select Delete users not found in the LDAP server, all users that are no longer available on the LDAPserver are removed.

Send status reportsCreate a task that sends status reports to administrators. Status reports contain detailed informationabout database sizing, counter status, task activities, and errors.



2 Select Settings and Diagnostics | Task Manager | Scheduled Tasks.

3 From the Task Type drop-down list, select Status Email.

10 Configuring tasksSynchronize and register user lists


4 From the Apply to Domains drop-down list, select the domains.

The domains you select receive the status email that contains the domain user quarantinedactivities. To send the status report to all Domain Administrators, select Select All. To send the statusemail to Domain Administrators not managed in MQM, select Others.



7 Click Add.






9 In Task Type, select Status Email, and click Add.

10 Enter the task name, choose how often you want to send status reports, then click OK.

Synchronize distribution listsCreate a task that regularly synchronizes distribution lists.



2 Select Settings and Diagnostics | Task Manager | Scheduled Tasks.

3 From the Task Type drop-down list, select DL Synchronization.



6 Click Add.






8 In Task Type, select DL Synchronization, and click Add.

9 Enter the task name, choose how often you want to synchronize distribution lists, then click OK.

Configuring tasksSynchronize distribution lists 10


10 Configuring tasksSynchronize distribution lists


11 Managing user submissions

When users submit suspicious email messages to McAfee Labs for analysis, you can manage the emailmessage submissions from the administrator interface.

Contents Manage user submissions View search results

Manage user submissionsFind and manage the quarantined items that users submit to McAfee Labs for analysis.



2 Click Quarantine Management | User Submissions.




c From the Queue drop-down list, select the submission type.

d To search by domain, select the Domain from the drop-down list.

4 Click Search.

5 On the View Results list, select the user submissions.


View search resultsExecute actions on selected quarantined items.


• Under View Results, execute actions on selected quarantined items.

11


11 Managing user submissionsView search results


12 Configuring and using the user interfaces

Create and manage your MQM account from the user interface on your desktop or mobile device.

Contents Access your MQM user account Use the mobile interface to manage quarantined emails

Access your MQM user accountTo create your MQM account , log on to the web-based MQM user interface.

Task1 In a web browser, go to http://<MQMServer>/MQMUserUI/<LocaleID>/LogOn.html.

2 Create your MQM account credentials.

a Click New user? Click here to register.

b On the McAfee Quarantine Manager User Registration page, enter your email address, then click Register.

c When the confirmation message appears, click OK.

MQM sends you an email with your password.

d Click Click here to return to the Log On page.

e On the McAfee Quarantine Manager User Log On page, enter your email address and password, thenclick Log on.

If your organization uses an LDAP server and your administrator has enabled LDAP authentication,you can log on to MQM with the LDAP account user name and password.

Tasks• Configure your MQM account on page 66

Configure the various settings for your MQM account.

• Submit spam samples to McAfee Labs on page 69When spam email messages are released to your mailbox by mistake and you want tosubmit it for analysis, submit them to McAfee Labs.

12


Configure your MQM accountConfigure the various settings for your MQM account.

Tasks• Configure the blacklist on page 66

Add the email addresses to your blacklist that frequently send you spam messages orunwanted emails.

• Configure the whitelist on page 66Add trusted email addresses to your whitelist. For example, business partners whoseemails you want to receive.

• Configure email aliases on page 67When you have more than one email address, you can add email aliases to your account.

• Change your password on page 67If you want to change your password, you can reset it.

• Configure quarantine report preferences on page 67Specify your preferences to receive quarantine activity reports.

• View email reassignments on page 68View the list of users and quarantine items that you manage.

Configure the blacklistAdd the email addresses to your blacklist that frequently send you spam messages or unwantedemails.


1 Log on to the user interface.

2 Click Your Account | Blacklist.

3 Enter the Email Address, then click Add.

4 Click Apply.

Configure the whitelistAdd trusted email addresses to your whitelist. For example, business partners whose emails you wantto receive.



2 Click Your Account | Whitelist.

3 Enter the Email Address, then click Add.

4 Click Apply.

12 Configuring and using the user interfacesAccess your MQM user account


Configure email aliasesWhen you have more than one email address, you can add email aliases to your account.

For example, assume the company you work for changes your email address and you want your oldemail address to remain active. If you add the old address as an alias, quarantined emails for eitheraddress reside in the same place. When you add an alias, the activation code is sent to the alias emailaddress. The changes show as pending activation and are not operational until you supply theactivation code.

When LDAP authentication is enabled, you can view any email aliases that exist for you in the LDAPserver, but you cannot change or add aliases.



2 Click Your Account | Email Aliases.

3 In the Name field, enter the email alias, then click Add.

4 Enter the Enter the activation code here, then click Activate.

5 Click Apply.

Change your passwordIf you want to change your password, you can reset it.



2 Click Your Account | Settings.

3 In the New password field, enter the password.

Your password must be alphanumeric and contain at least 8 characters. When the authenticationmode is set to LDAP User Accounts, you cannot change the password.

4 In the Confirm new password field, retype the password.

5 Click Apply.

Configure quarantine report preferencesSpecify your preferences to receive quarantine activity reports.



2 Click Your Account | Settings.

3 In Configuration Settings, specify your digest email preferences, then click Apply.

Configuring and using the user interfacesAccess your MQM user account 12


View email reassignmentsView the list of users and quarantine items that you manage.



2 Click Your Account | Email Reassignment.

Manage quarantined emailsView information about quarantined email messages that contain potential threats. You can use thefilters to refine your search, and find the quarantined items with the required information.


1 Click Quarantined Items, then configure up to three filters.

a Select the comparison criteria.

b Specify a match value using these wildcards:

• * — Matches to any number of characters

• ? — Matches a single character

• \\ — Matches any \ character in the search field

c To use more than one search filter, select the operator, then configure the settings for theremaining search filters.

2 From the All Dates or Date Rangedrop-down lists, select the dates you want.

3 To search quarantined items based on the classification, select the queue.

4 Click Search.

5 In the View Results list, select one or more emails, then choose the action.

To select or deselect all items in the View Results list, use the checkbox on the header row.

Manage quarantined emails from digest emailsTo manage your quarantine emails, use digest email actions.

The digest email is a customizable condensed report of all your quarantined items, blacklist, whitelist,and related quarantine activities. The information in the digest email depends on administratorconfigurations.

Task1 Open the digest email.

2 Complete the digest email actions.

A response message appears for each action, as configured by your administrator.

12 Configuring and using the user interfacesAccess your MQM user account


Manage quarantined emails from HTML attachmentsOpen HTML attachments in email digest notifications to apply actions to quarantined email messages.

Task1 Open the email digest notification, then open the attachment.

2 For each quarantined email message, select an action from the Action drop-down list.

3 Click Apply.

Submit spam samples to McAfee LabsWhen spam email messages are released to your mailbox by mistake and you want to submit it foranalysis, submit them to McAfee Labs.

Administrators review all email messages before they are sent to McAfee Labs for analysis. The moreemail messages that you submit, the more the message filtering improves.

Tasks• Submit spam samples from disks on page 69

Submit spam samples that are saved as .eml files on your computer.

• Submit spam samples with the McAfee Customer Submission Tool on page 69Submit spam samples from Microsoft Outlook using the McAfee Customer Submission Tool.

• Submit spam samples quarantined by mistake on page 70Submit samples of quarantined emails that were sent from trusted sources and categorizedas spam by mistake.

Submit spam samples from disksSubmit spam samples that are saved as .eml files on your computer.


1 From your email client, save the email as an .eml file.


3 Click Submit Spam Sample | Browse, then locate and open the .eml file.

4 Click Submit.

Submit spam samples with the McAfee Customer Submission ToolSubmit spam samples from Microsoft Outlook using the McAfee Customer Submission Tool.

Before you beginYour administrator must install the McAfee Customer Submission Tool.

Configuring and using the user interfacesAccess your MQM user account 12


Task1 From Microsoft Outlook, select the emails you want to submit as spam.

2 On the toolbar, click one of these spam options:

• Submit Spam — Submits the selected messages that MQM did not categorize as spam or phish.

• Submit Non-spam — Submits the selected messages that MQM incorrectly categorized as spam orphish.

3 On the Submit Spam or Phish page, select the actions, then click OK.

Submit spam samples quarantined by mistakeSubmit samples of quarantined emails that were sent from trusted sources and categorized as spamby mistake.



2 Select Quarantined Items, then select the email messages quarantined by mistake.

3 From the More Actions drop-down list, select Submit as Non-Spam, then click Go.

Use the mobile interface to manage quarantined emailsAccess the mobile user interface to manage quarantined email messages.

Access the mobile user interfaceYou can access the user interface on your mobile device from email digest notifications.

Task1 From your mobile device, navigate to your email inbox.

2 Open the mobile digest notification, then open the mobile user interface.

• On HTML mobile digest notifications, tap Manage Online.To delete all quarantined email messages, click Delete All.

• On plain text mobile digest notifications, tap url.

The format of the mobile digest notification depends on your mail server and email clientconfiguration.

12 Configuring and using the user interfacesUse the mobile interface to manage quarantined emails


Sort the list of quarantined email messagesOrganize the list of quarantined email messages by date or sender.

Task• On the mobile user interface, tap the Sort by drop-down list, then tap one of these options:

• Date — Organizes the list in descending or ascending order by the date of the quarantined emailmessage.

• Sender — Organizes the list in descending or ascending order by the sender of the quarantinedemail message.

A yellow circle appears next to the current selection.

View quarantined email messagesView the content of individual quarantined email messages.

Task1 On the mobile user interface, tap the quarantined email message subject.

A browser window opens that displays the quarantined email message information.

2 To expand the quarantined email message details, tap the arrow that appears to the right of theFROM email address.

3 To view the remaining quarantined email messages, choose one of these navigation pane options:

• Tap the left and right arrows.

• Tap the current quarantined email message number, then enter the number for the quarantinedemail message you want to see.

Apply actions to quarantined email messagesFrom your mobile device, you can add sender email addresses to the blacklist or whitelist, and deleteor release quarantined email messages.

Task1 On the mobile user interface, select an available action for each quarantined email message, then

tap Apply.

The amount of quarantined email messages you apply actions to appear next to Apply.

• To delete all quarantined email messages, click or tap Delete All, then tap Delete on theConfirm Delete window.

• Some actions might be disabled. To enable all actions, contact your administrator.

• When you select an action that applies to multiple quarantined email messages, theactions for the other quarantined email messages become disabled.

• By default, you can release only spam email messages to your inbox. To release allemail message types, contact your administrator.

2 On the Your quarantine was updated page, tap the action drop-down lists to view the completed actions.

To return to the list of quarantined email messages, tap quarantined messages remaining.

Configuring and using the user interfacesUse the mobile interface to manage quarantined emails 12


12 Configuring and using the user interfacesUse the mobile interface to manage quarantined emails


13 Configuring blacklists and whitelists

Use blacklists and whitelists to control access to your email inbox.

Contents Levels of blacklists and whitelists Export blacklists and whitelists Import blacklists and whitelists Manage blacklists and whitelists

Levels of blacklists and whitelistsBlacklists are lists of email addresses that users do not want to receive emails from, and whitelists arelists of email addresses that users want to receive emails from.

Users create personal blacklists and whitelists, which are used in addition to the global or groupblacklists that administrators maintain. Email messages from blacklisted addresses are blocked orquarantined. Emails sent to users are matched against blacklists. When matches are found, users donot receive the emails.

Email messages from whitelisted addresses are considered non-spam. Emails sent to users arematched against whitelists. When matches are found, users receive the emails. Messages fromwhitelisted email addresses are not subject to phish or spam scanning, but are subject to other typesof scanning.

In MQM, blacklists and whitelists are organized into three levels:

• Global — Blacklists or whitelists are maintained globally for the entire organization.

• Group — Blacklists or whitelists are maintained for each user group defined on connected McAfeeproducts.

• User — Blacklists or whitelists are maintained for individual users.

You can also add blacklists and whitelists sets of users, and to products connected to MQM.

Export blacklists and whitelistsExport user configurations, group blacklists and whitelists, and global blacklists and whitelists.




13


3 In Export, select the Export Type.

When you select User Configuration, select the domains from the Select Domains drop-down list.

When you select Group B/W List, select the groups from the Groups drop-down list.

4 Select the Domain, then click Export Configuration

5 On the File Download window, click Save.

The default file name is McAfeeBWList.xml.

Import blacklists and whitelistsTo use existing blacklists and whitelists in MQM, you must import them.

You can also import the global blacklist and whitelist.




3 In Import, click Browse.

4 Navigate to the blacklist or whitelist, then click Open.

5 Select Merge User configuration.

When you deselect Merge User configuration, the earlier user configuration is overwritten. You can alsouse the Merge User configuration option to merge aliases and reassign users.

6 Click Import Configuration.

MQM automatically detects the import file type and updates the database.

Manage blacklists and whitelists Add and remove email addresses from blacklists and whitelists.

You can also define user groups as lists of email addresses or references to existing user groups.

• Only Super Administrators and Operators can change global blacklists. DomainAdministrators have view access to global blacklists. When you add addresses groupblacklists, the addresses are also added to the connected McAfee product groupblacklists.

• Email addresses added to blacklists or whitelists are pushed to connected McAfeeproducts at regular intervals.

13 Configuring blacklists and whitelistsImport blacklists and whitelists




2 Click Blacklists and Whitelists | Organization.

3 To manage blacklists, click the Blacklists tab.

a In the Entry field, enter the email address that you want to blacklist.

b From the List Type drop-down list, select the email address list type, then click Search.

c Select the email addresses you want to add to the blacklist, then click Add.

d On the Entry successfully added to the user's blacklist window, click OK.

4 To manage whitelists, click the Whitelists tab.

a In the Entry field, enter the email address that you want to whitelist.

b From the List Type drop-down list, select the email address list type, then click Search.

c Select the email addresses you want to add to the whitelist, then click Add.

d On the Entry successfully added to the user's whitelist window, click OK.

Configuring blacklists and whitelistsManage blacklists and whitelists 13


13 Configuring blacklists and whitelistsManage blacklists and whitelists


14 Reporting

Use dashboards to identify and analyze quarantine data, and report your findings using reports.

Contents View quarantined data on the dashboard Generate multi-dimensional reports Generate Top 10 reports Generate advanced graphical reports Download a report

View quarantined data on the dashboardThe dashboard provides a high-level overview of MQM quarantined items.



2 Click Dashboard | Quarantined.

3 From the Domain(s) drop-down list, select the domain that contains the quarantined items you wantto view.

4 Click the graph icon next to the Queue Name that you want to add to the dashboard graph.

The graph automatically updates based on the selections you make.

Generate multi-dimensional reportsGenerate graphical reports that display statistics data in bar graphs.



2 Click Dashboard | Graphical Reports | Reports.

3 Configure the options, then click Generate.

14


Generate Top 10 reportsTo view and analyze quarantined email message data, generate graphical reports.



2 Click Dashboard | Graphical Reports | Default.

3 Configure the available options, then click Search.

Generate advanced graphical reportsView quarantined items in a detailed graph, and find detections with filters.



2 Click Dashboard | Graphical Reports | Advanced.

3 Select the Graph type.

4 Configure up to three search filters.

5 Specify the time range.

6 Click Search.

Download a reportDownload and save graphical reports as PDF or HTML files.



2 Click Dashboard | Graphical Reports | Reports.

3 Configure the report settings, then click Generate.

4 To convert the graphical report into a PDF file, click the PDF icon.

a To display the report as a PDF, click Open.

b To save the report as a PDF, click Save.

5 To convert the graphical report into an HTML file, click the Internet Explorer icon.

a To open the .zip file, click Open.

b To save the report, click Save.

14 ReportingGenerate Top 10 reports


MaintenanceMaintain the MQM components.

Chapter 15 Maintaining the serverChapter 16 Maintaining the databaseChapter 17 Uninstalling MQM and components


Maintenance


15 Maintaining the server

Manage server configurations, create database backups, release emails in bulk, and create McAfeeconnected products reassignment maps.

Contents View log entries Configure the diagnostics settings Configure communication between MQM and other products Configure advanced settings Configure the status email report settings Reassign quarantined email releases to different products Release emails in bulk

View log entriesView the health of the MQM server using event, warning, and error log entries.

Use the search filters to find log entries. Find information about an initiated or ended task, connectedor disconnected product, or an error regarding failure to push configuration settings to a product.



2 Click Settings and Diagnostics | Product Log.




4 Click Search.

Configure the diagnostics settingsSpecify the type of logging required, the level of debug tracing, and configure the error reportsettings.

15




2 Click Settings and Diagnostics | Diagnostics.

By default, events are logged in the product log.

3 On each tab, configure the available settings, then click Apply.

Configure communication between MQM and other productsConfigure the settings for MQM to communicate with McAfee products, LDAP servers, and mailservers.



2 Click Settings and Diagnostics | Communications | Default, then configure the options.

3 In McAfee Products, enter the Port Number.

4 In Mail Server, specify the details of the SMTP server that communicates with users.

5 Click LDAP Server, then specify the details of the LDAP server.

You can configure multiple LDAP servers.

6 Click Advanced, then configure the available options.

See also Configure certificates for secure SMTP communication on page 42

Configure advanced settingsConfigure the MQM advanced preferences. You can configure the preferences for McAfee ePO events,McAfee Labs submissions, session timeout, and dashboard refresh intervals.



2 Click Settings and Diagnostics | Advanced Settings | Settings.

The Settings tab is only available to Super Administrators and Operators. If you log on as a DomainAdministrator, the tab does not appear.

3 Expand each section and configure the options.

4 Click Apply.

5 Restart the MQM service.

15 Maintaining the serverConfigure communication between MQM and other products


Configure the status email report settingsPreview and customize the status email that is sent to administrators.



2 Click Settings and Diagnostics | Advanced Settings | Status Report Email.

3 Enter the status email report information, then click Edit.

4 On the Email content HTML code page, enter the details you want to appear in the status email,then click Save.

For example, to delete counter information, delete '%COUNTER_LIST%'.

Reassign quarantined email releases to different productsEnable releases of quarantined emails of one McAfee product through another. MQM releases an emailthrough the McAfee product that quarantined the email.

Reassign quarantined email releases to different products when a McAfee product is upgraded orunavailable.

Only Super Administrators and Operators can reassign McAfee Product IDs. If you log on as a DomainAdministrator, this option does not appear.

When McAfee Email and Web Security or McAfee Email Gateway appliance IDs change, you can releasethe old quarantined emails using the old appliance ID.



2 Click Settings and Diagnostics | Advanced Settings | McAfee Products Operations.

3 Select Enable McAfee Product Reassignment.

4 In the Old McAfee Product ID field, enter the McAfee product ID of the quarantined items.

5 In the New McAfee Product ID field, enter the McAfee product ID that executes the release.

6 Click Reassign.

The emails are sent to the reassigned McAfee product.

Release emails in bulkDefine parameters to release emails in bulk. You can release more than 100 emails.

Maintaining the serverConfigure the status email report settings 15




2 Click Settings and Diagnostics | Advanced Settings | McAfee Products Operations.

3 In Bulk Release, configure the search settings.

a To search for the emails you want to release, configure up to three search filters.


c Select the Domain.

4 Click Release.

See also Search quarantined items on page 57

15 Maintaining the serverRelease emails in bulk


16 Maintaining the database

Maintain the MQM database.

Contents Calculate the size of the database Optimize the MariaDB for MQM Optimize the Microsoft SQL Server database Back up the database

Calculate the size of the database Collect database size and disk space data.



2 Click Dashboard | Graphical Reports | Quarantined | Database Information.

3 Click Get Database Size.

If the database size is large, it might take some time to retrieve the data.

Optimize the MariaDB for MQMTo enhance the performance of MariaDB for MQM, you must optimize the database.

Task1 From the command prompt, go to the bin directory in the MariaDB for MQM installation folder.

2 To log on to MariaDB for MQM, execute the following command:

mysql --user=<database user name> --password=<database password> <database name>For example:

mysql --user=scott --password=tiger mqm

3 To optimize the database. execute the following command:

call pOptimize();When the optimization is complete, the MariaDB for MQM prompt appears.

4 To exit MariaDB for MQM, execute the following command:

quit

16


5 From the MariaDB for MQM installation folder, locate and edit the my.ini file.

6 Change the following parameters with the specified values:

Innodb_buffer_pool_size = 1G Innodb_Log_File_Size = 512M Innodb_Thread_Concurrency = 512

7 From the services console, restart the MariaDB for McAfee Quarantine Manager service.

Optimize the Microsoft SQL Server databaseTo enhance the performance of the Microsoft SQL Server database, you must optimize the database.

Task

1 Start SQL Server Management Studio.

2 Right-click the mqm database and select Properties.

3 In the left pane, click Files and change the following parameters in the right pane.

Initial size for Data file = (~30 GB)Autogrowth for Data file = 1 GBInitial size for log file = 1 GBAutogrowth for Log file = 512 MB

4 In the left pane, click Options, then change the Recovery model to Simple in the right pane.

5 Right-click Database Instance and select Properties.

6 In the left pane, click Advanced, then change the Network Packet Size to 32767 in the right pane.

7 Close SQL Server Management Studio.

Back up the database When a data loss occurs, you can restore MQM using a backup the existing database.

Tasks

• Database backup settings on page 87The database backup consists of several MQM settings.

• Back up the MySQL database on page 87To upgrade MQM, you must back up the MySQL database.

• Back up the Microsoft SQL Server database on page 87Back up the MQM database stored in Microsoft SQL server.

• Restore the Microsoft SQL Server database on page 88In case of data loss, restore the MQM database from an Microsoft SQL Server databasebackup.

• Back up MariaDB for MQM on page 88Back up your existing MariaDB for MQM, which comes packaged with MQM.

• Restore MariaDB for MQM on page 89In case of data loss, restore the MariaDB for MQM backup.

• Schedule a MariaDB for MQM backup task on page 89Schedule a MariaDB for MQM backup, which comes packaged with MQM.

16 Maintaining the databaseOptimize the Microsoft SQL Server database


Database backup settingsThe database backup consists of several MQM settings.

Table 16-1 Database backup settings

Setting Description

MQM user account Saves user information and email aliases.

Blacklists and whitelists Saves the global blacklists and whitelists maintained by administrators.

Dashboards Saves the report, MQM server, and quarantined item dashboard data.

Quarantined data Saves the quarantined data MQM stores in the database.

Back up the MySQL databaseTo upgrade MQM, you must back up the MySQL database.

Task1 Click Start | Run, type services.msc, then click OK.

2 From the Services window, stop the MQM service.

3 From the command prompt, go to the bin directory of the MySQL installation folder.

4 Execute the following command:

mysqldump --complete-insert -n --add-drop-table -R <Database> -u<DatabaseUser> -p<DatabaseUserPassword> -r"<CompletePathofBackupFile>" --max-allowed-packet=1024MFor example, if these are your variables:

• Database name — mqm






Back up the Microsoft SQL Server databaseBack up the MQM database stored in Microsoft SQL server.



3 Log on to Microsoft SQL Server Management Studio.

4 Navigate through the databases and select the MQM database.

5 Right-click the database and select Tasks | Back Up.

Maintaining the databaseBack up the database 16


6 On the Backup Database screen, configure the settings.

a From the Backup type drop-down list, select Full.

b From the Backup components drop-down list, select Database.

c From the Backup set will expire drop-down list, select After | 0.

d From the Destination drop-down list, select Disk.

e If you want to change the default backup location, click Add, then browse to the location.

f To save the backup file, click OK.

Restore the Microsoft SQL Server databaseIn case of data loss, restore the MQM database from an Microsoft SQL Server database backup.

Task1 Copy the backup file to the destination system.

2 On the destination system, log on to Microsoft SQL Server Management Studio.

3 Create, then select the database.

4 Right-click the database, then select Tasks | Restore.

5 On the Restore Database screen, configure the settings.

a From the To database drop-down list, select the database.

b From the Source for restore drop-down list, select From device and browse to the backup file (.bak) torestore.

Back up MariaDB for MQMBack up your existing MariaDB for MQM, which comes packaged with MQM.



3 From the command prompt, go to the bin directory of the MariaDB for MQM installation folder.

4 Execute the following command:

mysqldump --complete-insert -n --add-drop-table -R <Database> -u<DatabaseUser> -p<DatabaseUserPassword> -r"<CompletePathofBackupFile>" --max-allowed-packet=1024MFor example, if the database name is mqm, user name is root, password is dbase, and backuplocation is C:\Backups\MQM\MQMBackup.sql, use the following command:


16 Maintaining the databaseBack up the database


Restore MariaDB for MQMIn case of data loss, restore the MariaDB for MQM backup.



3 From the command prompt, go to the bin directory of the MariaDB for MQM installation folder.

4 Execute the following command: mysql -e "source <CompletePathofBackupFile>" -u<DatabaseUser> -p<DatabaseUserPassword> <Database>For example, if the database name is mqmv7, the user name is root, the password is dbase, andthe backup location is C:\Backups\MQM\MQMBackup.sql, use the following command: mysql -e"source C:\Backups\MQM\MQMBackup.sql" -u root -pdbase mqmv7

Schedule a MariaDB for MQM backup taskSchedule a MariaDB for MQM backup, which comes packaged with MQM.

Task1 Create a batch file with the following information:

md c:\backups\%DATE%\cd c:\backups\%DATE%\<InstallPath>\bin\mysqldump.exe --complete-insert -n --add-drop-table -R<database-name> -u <username> -p<password> -r "MQMBackup.sql"

2 Select Start | Control Panel | Scheduled Tasks | Add Scheduled Task.

3 Click Next and browse for the batch file.

4 Click Next.

5 To schedule the task and complete the wizard, follow the on-screen instructions.

Maintaining the databaseBack up the database 16


16 Maintaining the databaseBack up the database


17 Uninstalling MQM and components

To remove MQM from your computer, you must remove the MQM software and MariaDB for MQM.

Contents Uninstall the MQM software Uninstall MariaDB for MQM Uninstall MQM from McAfee ePO

Uninstall the MQM softwareRemove the MQM software from the server it is installed on.

Task

1 Click Start | Settings | Control Panel | Add or Remove Programs.

2 Select McAfee Quarantine Manager, then click Remove.

3 (Optional) Select Also Remove MQM data to remove the database created for storing quarantined items.

Selecting this option deletes the MQM database permanently.

Tasks• Uninstall a patch on page 91

If you experience issues with a patch, you can uninstall it, and return the software to aprevious state.

Uninstall a patchIf you experience issues with a patch, you can uninstall it, and return the software to a previous state.

We recommend uninstalling a patch only when absolutely necessary.

Task

1 Open the Services console, and stop the MQM service.

2 Copy and replace the directory files.

a Navigate to the MQM Installation Folder\Backup\ directory and copy the files.

b In the MQM Installation Folder directory, paste the files in the appropriate folders.

c Delete the Backup folder.

3 Open the Windows Registry Editor and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee|Quarantine Manager\SystemState\hfs.

17


4 Delete the Patch1 registry key.

5 Open the Services console, and start the MQM service.

Uninstall MariaDB for MQMRemove the MariaDB for MQM utility from the computer where it is installed.

Task

1 Click Start | Settings | Control Panel | Add or Remove Programs.

2 Select MariaDB for McAfee Quarantine Manager, then click Remove.

Uninstall MQM from McAfee ePORemove the MQM package, extensions, and MariaDB for MQM component from the client computersand McAfee ePO repository.

Tasks

• Remove MQM from client computers on page 92To remove MQM from client computers, use McAfee ePO.

• Remove the packages on page 93Uninstall the MQM packages from McAfee ePO.

• Remove the extensions on page 93Remove the MQM extensions from McAfee ePO.

Remove MQM from client computersTo remove MQM from client computers, use McAfee ePO.




3 Select the system, then click Actions | Agent | Modify Tasks on a Single System.

4 Select Actions | New Task.

5 On the Client Task Builder page, add a name and notes, select Product Deployment from the Typedrop-down list, then click Next.

6 In Configuration, configure the settings, then click Next.

a For Target Platforms, select Windows.

b For Products & Components, select McAfee Quarantine Manager 7.1.x.x.

c For Action, select Remove.

d Select the language.

e If you remove only one client computer, deselect Run at every policy enforcement (Windows only).

17 Uninstalling MQM and componentsUninstall MariaDB for MQM


7 To view a summary of the task, click Next, then click Save.

8 Send the agent wake-up call.

Remove the packagesUninstall the MQM packages from McAfee ePO.



2 Remove the MQM software package.

a Click Menu | Software | Master Repository.

b In the McAfee Quarantine Manager row, click Delete.

3 Remove the MariaDB for MQM package.

a Click Menu | Software | Master Repository.

b In the MariaDB for McAfee Quarantine Manager row, click Delete.

Remove the extensionsRemove the MQM extensions from McAfee ePO.



2 Click Menu | Software | Extensions.

3 Remove the MQM extension.

a From the Extensions pane, click McAfee | McAfee Quarantine Manager.

b Locate the McAfee Quarantine Manager extension, then click Remove.

c On the Remove Extension page, select Force removal, bypassing any checks or errors, then click OK.

4 Remove the MQM reports extension.

a From the Extensions pane, click McAfee | McAfee Quarantine Manager.

b Locate the MQM Reports extension, then click Remove.


5 Remove the MQM Help extension.

a From the Extensions pane, click McAfee | Help Content.

b Locate the MQM Help extension, then click Remove.


Uninstalling MQM and componentsUninstall MQM from McAfee ePO 17


17 Uninstalling MQM and componentsUninstall MQM from McAfee ePO


Index

Aabout this guide 7actions, quarantined items 58

administrator interface, rebranding 44

administrator typesdomain administrator 18

domain administrator alias 18

operator 18

super administrator 17

super administrator alias 17

administrators, using LDAP groups 43

advanced graphical reports 78

advanced settings 82

database 82

email notifications related 82

miscellaneous 82

status report email 83

submission to McAfee Labs 82

aliases, adding 67

authentication modes 18

Bbacking up the database, MariaDB for MQM 88

backing up the database, MySQL 87

blacklistsconfiguring 73

managing 66, 73, 74

types 73

bulk email, releasing 83

Ccalculate, database size 85

catch exceptions 81

centralized policy management, ePolicy Orchestrator 33

certificate authority 42

certificates, configuring 42

clusters, configuring on Windows servers 31

command-line argumentsMariaDB for McAfee Quarantine Manager 35

McAfee Quarantine Manager 36

communications, configuring 82

configurationadvanced settings 82

configuration (continued)blacklists 73

cluster 31

database 41

database settings 82

diagnostics 81

email notifications 82

high availability 15

MariaDB Linux 28

MariaDB Windows 28

McAfee Email and Web Security Appliance 41

McAfee Security for Microsoft Exchange 41

miscellaneous settings 82

reports 39

status report email 83

submission to McAfee Labs 82

whitelists 73

configuration push interval 82

configuration settings, changing 67

configurationscertificates 42

communications 82

LDAP server 82

conventions and icons used in this guide 7counters 77

custom queues 77

Ddashboard 77

dashboard counters, viewing 77

data leakage prevention 77

database backupcreating 86

settings 87

database configuration, Microsoft SQL Server 27

database settings, configuring 82

database size, calculating 85

databases, configuring 41

databases, supported 21

deploymentMariaDB for McAfee Quarantine Manager 35

McAfee Agent 34

McAfee Quarantine Manager 36

packages and extensions 34


diagnostics 81

diagnostics settings, configuring 81

digest email 68

digest emailsmanaging quarantine from 68

directory server groups 18

disks, submitting samples from 69

distribution lists, registering 55

documentationaudience for this guide 7product-specific, finding 8typographical conventions and icons 7

domain administrator aliases 18

domain administratorsadministrator type 18

assigning domains 50

domain configurations, changing 51

domainsexporting 50

importing 50

domains, creating 49

Eemail digest task, creating 59

email digest tasks, creating 40

email notifications, configuring 82

emails, view reassignments 68

encryption compliance 77

ePO, see McAfee ePO 34, 37

ePolicy Orchestratorconfiguring reports 39

creating policies 38

enforcing policies 38

installing the software using 33

integration 33

setting policies within 37

uninstalling the software using 92

error reports 81

extensionsdeploying 34

installation 37

Ffalse positives and negatives 77

Ggetting started 9graphical reports, advanced 78

group maps 51

Hhelp extensions, installing 37

high availability, configuring 15

Iinstallation

clusters 15

extensions 37

help extension 37

MariaDB 27

policy extensions 37

product files 29

reports extension 37

VMware support 13

interfaces, rebranding 44

item push interval 82

LLDAP groups, as administrators 43

LDAP server, configuring 82

logos, adding your company logo 44

logs 81

Mmagnify graphs 77

managequarantine 68

managementblacklists 66, 74

domains 49

quarantined items 57

user submissions 58, 63

whitelist 66

whitelists 74

management software, ePolicy Orchestrator 33

MariaDBinstalling 27

Linux, configuring 28

Windows, configuring 28

MariaDB for McAfee Quarantine Managerchecking in the package 34

command-line arguments 35

deploying on client computers 35

removing from client computers 92

removing the package 93

uninstalling 92

MariaDB for MQM, backing up and restoring 88

maximum communication retry 82

McAfee Agent, deploying 34

McAfee Email and Web Security Appliance, configuring 41

McAfee ePOdeploying packages and extensions 34

install extensions 37

managing Quarantine Manager 15

McAfee Product reassignment map, creating 83

McAfee products, supported 21

McAfee Quarantine Managerchecking in the package 34

Index


McAfee Quarantine Manager (continued)command-line arguments 36

deploying on client computers 36

installing 29

integrating with ePolicy Orchestrator 33

managing with McAfee ePO 15

rebranding 44

removing from client computers 92

removing the package 93

removing the product extension 93

testing 41

uninstalling 91

upgrading 29

McAfee Quarantine Manager, managing quarantined items 9McAfee Security for Microsoft Exchange, configuring 41

McAfee ServicePortal, accessing 8memory 21

Microsoft Outlook, submitting samples from 69

Microsoft SQL databasebacking up and restoring 87

restoring 88

Microsoft SQL Server, configuring 27

miscellaneous settings, configuring 82

mobile user interface, managing quarantined emails from 70

multi-dimensional reports, generating 77

MySQL, backing up and restoring 87

Ooperating systems, supported 21

operator, administrator types 18

Ppackages, deploying 34

packers 77

passwords, changing 67

patch, uninstall 91

phish 77

policies, ePolicy Orchestrator 38

policy extensions, installing 37

potentially unwanted programs 77

pre-installation 27

product files, downloading 28

product logs 81

product logs, viewing 81

purge tasks, creating 40

push interval, configuring 42

QQuarantine Manager accounts 18

quarantine messagesdelete 68

delete blacklist 68

delete whitelist 68

release 68

quarantine messages (continued)retain 68

quarantined itemsmanaging 57

submitting samples 70

quick search, performing 57

Rreassignment map 83

reportsconfiguring 39

downloading 78

generating 78

multi-dimensional 77

reports extension, installing 37

requirements 21

restoring the database, MariaDB for MQM 89

restricted rights, create administrators with 44

Ssample submissions 69

scheduled backup task, MariaDB for MQM 89

search results, user submissions 58, 63

searches, quarantined items 57

server administration 17

ServicePortal, finding product documentation 8settings, advanced 82

single sign on via http header 18

SMTP communication 42

spam samples, submitting 69

spam, data 77

statistics 77

status email task, creating 60

status email tasks, creating 40

status report emails, configuring 83

status reports 60

submissions to McAfee Labs, configuring 82

supported upgrades 29

system requirements 21

Ttechnical support, finding product information 8thread pool size 82

top 10 reports 78

transport layer security 42

Uunwanted content 77

upgrades, supported 21, 29

user accounts, configuring 66

user accounts, creating 55

user configurations, changing 56

user interfaceaccessing 65

Index


user submissions 63

user submissions, managing 58, 63

user synchronization 60

user synchronization tasks, creating 40, 60

usersimporting 54

importing from a file 54

users, importing from LDAP servers 53

users, registering automatically 53

Vview search results, user submissions 63

viruses 77

VMware 13

Wweb-based user interface

managing quarantined messages from 68

whitelistsconfiguring 73

managing 66, 73, 74

types 73

Windows components, required 21

Index


revision b product guide - mcafee€¦ · sort the list of quarantined email messages ... mcafee...

Documents