revision b product guide - mcafee€¦ · sort the list of quarantined email messages ... mcafee...
TRANSCRIPT
COPYRIGHT
Copyright © 2016 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com
TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.
2 McAfee Quarantine Manager 7.1.1 Product Guide
Contents
Preface 7About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1 Introduction 9Managing quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Deployment2 Deployment options 13
Types of installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Virtual installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Installing MQM with McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . 15Installing MQM in a cluster environment . . . . . . . . . . . . . . . . . . . . . 15
Types of interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Web-based interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Mobile interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Types of administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Super Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Domain Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Operator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Levels of authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3 Plan your deployment 21Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Deployment checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Setup4 Installation 27
Prepare your installation environment . . . . . . . . . . . . . . . . . . . . . . . . . 27Configure the Microsoft SQL Server database . . . . . . . . . . . . . . . . . . . 27Install MariaDB for MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Configure MariaDB for Linux or Microsoft Windows . . . . . . . . . . . . . . . . . 28
Download the product files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Install or upgrade the product files . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Install the product files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Upgrade to the latest version of MQM . . . . . . . . . . . . . . . . . . . . . . 29
Configure a cluster on a Windows server . . . . . . . . . . . . . . . . . . . . . . . . 31
5 Integrating MQM with McAfee ePO 33Install MQM onto your McAfee ePO server . . . . . . . . . . . . . . . . . . . . . . . . 33
McAfee Quarantine Manager 7.1.1 Product Guide 3
Deploy the McAfee Agent onto your client computers . . . . . . . . . . . . . . . . . . . 34Deploy the MQM packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Check in the MQM packages . . . . . . . . . . . . . . . . . . . . . . . . . . 34Deploy the MariaDB for MQM component . . . . . . . . . . . . . . . . . . . . . 35Deploy MQM on client computers . . . . . . . . . . . . . . . . . . . . . . . . 36
Install the MQM extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Configure policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Create policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Enforce policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Configure reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Configure tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
6 Post-installation tasks 41Test the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Configure the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Configure certificates for secure SMTP communication . . . . . . . . . . . . . . . . . . . 42Configure the configuration push interval . . . . . . . . . . . . . . . . . . . . . . . . 42Rebrand MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Customize the user interface URL . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Configuration and use7 Configuring domains 49
Create a domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Assign domains to Domain Administrators . . . . . . . . . . . . . . . . . . . . . . . . 50Assign domains to groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Change domain configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . 51
8 Configuring user accounts 53Add users to MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Register users automatically . . . . . . . . . . . . . . . . . . . . . . . . . . 53Import users to MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Create user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Register distribution lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Change user configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . 56
9 Managing quarantined items 57Search quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Perform a quick search . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Take action on quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Manage user submissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
10 Configuring tasks 59When to run tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Schedule digest emails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Synchronize and register user lists . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Send status reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Synchronize distribution lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
11 Managing user submissions 63Manage user submissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63View search results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
12 Configuring and using the user interfaces 65Access your MQM user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Configure your MQM account . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Contents
4 McAfee Quarantine Manager 7.1.1 Product Guide
Manage quarantined emails . . . . . . . . . . . . . . . . . . . . . . . . . . 68Submit spam samples to McAfee Labs . . . . . . . . . . . . . . . . . . . . . . 69
Use the mobile interface to manage quarantined emails . . . . . . . . . . . . . . . . . . 70Access the mobile user interface . . . . . . . . . . . . . . . . . . . . . . . . 70Sort the list of quarantined email messages . . . . . . . . . . . . . . . . . . . . 71View quarantined email messages . . . . . . . . . . . . . . . . . . . . . . . . 71Apply actions to quarantined email messages . . . . . . . . . . . . . . . . . . . 71
13 Configuring blacklists and whitelists 73Levels of blacklists and whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Export blacklists and whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Import blacklists and whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Manage blacklists and whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
14 Reporting 77View quarantined data on the dashboard . . . . . . . . . . . . . . . . . . . . . . . . 77Generate multi-dimensional reports . . . . . . . . . . . . . . . . . . . . . . . . . . 77Generate Top 10 reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Generate advanced graphical reports . . . . . . . . . . . . . . . . . . . . . . . . . . 78Download a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Maintenance15 Maintaining the server 81
View log entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Configure the diagnostics settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Configure communication between MQM and other products . . . . . . . . . . . . . . . . 82Configure advanced settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Configure the status email report settings . . . . . . . . . . . . . . . . . . . . . . . . 83Reassign quarantined email releases to different products . . . . . . . . . . . . . . . . . 83Release emails in bulk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
16 Maintaining the database 85Calculate the size of the database . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Optimize the MariaDB for MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Optimize the Microsoft SQL Server database . . . . . . . . . . . . . . . . . . . . . . . 86Back up the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Database backup settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Back up the MySQL database . . . . . . . . . . . . . . . . . . . . . . . . . . 87Back up the Microsoft SQL Server database . . . . . . . . . . . . . . . . . . . . 87Restore the Microsoft SQL Server database . . . . . . . . . . . . . . . . . . . . 88Back up MariaDB for MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Restore MariaDB for MQM . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Schedule a MariaDB for MQM backup task . . . . . . . . . . . . . . . . . . . . . 89
17 Uninstalling MQM and components 91Uninstall MQM from McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Remove MQM from client computers . . . . . . . . . . . . . . . . . . . . . . . 92Remove the packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93Remove the extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Index 95
Contents
McAfee Quarantine Manager 7.1.1 Product Guide 5
Preface
This guide provides the information you need to work with your McAfee product.
Contents About this guide Find product documentation
About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.
AudienceMcAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.
• Users — People who use the computer where the software is running and can access some or all ofits features.
ConventionsThis guide uses these typographical conventions and icons.
Italic Title of a book, chapter, or topic; a new term; emphasis
Bold Text that is emphasized
Monospace Commands and other text that the user types; a code sample; a displayed message
Narrow Bold Words from the product interface like options, menus, buttons, and dialog boxes
Hypertext blue A link to a topic or to an external website
Note: Extra information to emphasize a point, remind the reader of something, orprovide an alternative method
Tip: Best practice information
Caution: Important advice to protect your computer system, software installation,network, business, or data
Warning: Critical advice to prevent bodily harm when using a hardware product
McAfee Quarantine Manager 7.1.1 Product Guide 7
Find product documentationOn the ServicePortal, you can find information about a released product, including productdocumentation, technical articles, and more.
Task1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.
2 In the Knowledge Base pane under Content Source, click Product Documentation.
3 Select a product and version, then click Search to display a list of documents.
PrefaceFind product documentation
8 McAfee Quarantine Manager 7.1.1 Product Guide
1 Introduction
McAfee®
Quarantine Manager (MQM) consolidates the quarantine and anti-spam managementfunctionality of multiple McAfee products.
Managing quarantined itemsMQM provides a central point to analyze and act on quarantined emails and files that are identified asspam, phish, viruses, potentially unwanted programs, or other unwanted content.
When incoming email messages pass through email processing or scanning products, the productssearch the messages for unwanted content. Depending on the search results, the processing andscanning products forward the message to the mail server, delete the message, or forward it to theMQM server.
Figure 1-1 MQM supported products workflow
Item Definition
1 McAfee processing or scanning product, such as McAfee® Email Gateway and McAfee® Securityfor Microsoft Exchange (MSME)
2 Mail server
3 MQM server
1
McAfee Quarantine Manager 7.1.1 Product Guide 9
DeploymentBefore you deploy MQM on your network, consider your options and createyour deployment plan.
Chapter 2 Deployment optionsChapter 3 Plan your deployment
McAfee Quarantine Manager 7.1.1 Product Guide 11
2 Deployment options
MQM offers several options to meet your deployment needs.
Contents Types of installations Types of interfaces Types of administrators Levels of authentication
Types of installationsMQM offers three types of installations.
Virtual installationInstall MQM on a virtual server to allow for multiple installations of MQM to run on the same system.
You can install MQM and the database as a virtual machine and host it on a VMware ESX server.
When you install the VMware ESX server on a physical server, you can add separate virtual machinesfor MQM and other supported McAfee products.
2
McAfee Quarantine Manager 7.1.1 Product Guide 13
The supported email scanning product receives email messages from resources outside of thenetwork, such as the Internet. The scanning product scans each message for viruses, spam, and otherunwanted content. If the message is free from unwanted content, the messages are routed to thenetwork mail server. If the message contains any unwanted content, then the message is routed toMQM.
Figure 2-1 Virtual environment
Item Description
1 Virtual machine 1, which includes supported McAfee email scanning product.
2 Virtual machine 2, which includes:• MQM server
• Database
3 VMware ESX server
4 Physical server
2 Deployment optionsTypes of installations
14 McAfee Quarantine Manager 7.1.1 Product Guide
Installing MQM with McAfee ePOMQM installs as a McAfee
®
ePolicy Orchestrator®
(McAfee ePO™
) extension, which allows you to managethe MQM server and client systems from the McAfee ePO interface.
When you integrate MQM with McAfee ePO, you install MQM on the McAfee ePO server. McAfee ePOthen deploys the MQM packages and extensions on client computers.
Figure 2-2 MQM and McAfee ePO integration
Item Definition
1 McAfee ePO server
2 Client computer
The system running MQM also requires McAfee®
Agent. McAfee Agent runs on every system managedby the McAfee ePO server and is responsible for collecting and sending McAfee ePO information aboutMQM installations, policies, and events.
For more information on McAfee ePO, see the McAfee ePolicy Orchestrator Installation Guide andMcAfee ePolicy Orchestrator Product Guide.
Installing MQM in a cluster environmentTo make sure that MQM is always available, you can install MQM in a cluster environment.
When you set up a cluster environment with two servers, also known as nodes, you can install MQMon both nodes and configure them to share data. The common MQM configuration data resides on theshared drive.
If failure occurs on the active node, where MQM is running, the services automatically transfer to thepassive node. When a failover operation is in progress, administrators receive an email notification.
Deployment optionsTypes of installations 2
McAfee Quarantine Manager 7.1.1 Product Guide 15
Example: The active node disconnects from the network for routine maintenance. The services fromthe disconnected active node automatically transfer to the passive node.
Figure 2-3 Two-node cluster environment
Item Definition
1 Active node
2 Passive node
3 Shared drive
Types of interfacesMQM is comprised of web-based and mobile interface portals designed specifically for administratorand user needs.
Web-based interfacesMQM is comprised of two web-based interface portals.
Administrator interface — Provides administrators with a single, central point for configuring andmanaging MQM
User interface — Users log on with their credentials to access and manage these settings:
• Quarantined email information
• Spam submissions
2 Deployment optionsTypes of interfaces
16 McAfee Quarantine Manager 7.1.1 Product Guide
• Blacklist and whitelist
• Account settings
Mobile interfaceUsers can view the user interface on their mobile device to manage quarantined email messages.
Table 2-1 Mobile user interface actions
Action Definition
When applied, MQM completes these actions:• Adds the sender email address to the blacklist
• Deletes the email message
When applied, MQM completes these actions:• Adds the sender email address to the whitelist
• Releases the email message
Deletes the email message.
Releases the email message.
Types of administratorsTo manage the MQM server, MQM uses role-based access to assign different sets of administratorpermissions.
Contents Super Administrator Domain Administrator Operator
Super AdministratorYou create the Super Administrator account when you install MQM and log on to the web-basedadministrator interface.
The Super Administrator can access and manage all configurable MQM settings, including:
Deployment optionsTypes of administrators 2
McAfee Quarantine Manager 7.1.1 Product Guide 17
• Administrator roles and permissions • Task management
• Domain management • User submissions
• User accounts • General maintenance
• Quarantined items
You can also create the Super Administrator alias, which is a peer to the Super Administrator. A SuperAdministrator alias is unable to create another Super Administrator alias.
Domain AdministratorThe Domain Administrator manages their assigned domain, which is configured in MQM.
Administrators that manage the domain can add blacklists and whitelists for the groups assigned.
You can also create the Domain Administrator alias, which is a peer to the Domain Administrator. TheDomain Administrator alias is unable to create another Domain Administrator alias.
OperatorOperators have similar rights and permissions as the Super Administrator.
Operators are unable to:
• View the body of quarantined email messages.
• Download or forward quarantined items.
• Modify administrator authentication.
Levels of authenticationDifferent levels of authentication modes are available for administrators.
• Directory Server Groups — Authenticates LDAP groups as administrators. When you assign administratorrights to LDAP groups, all the LDAP group users are automatically assigned administrator rights.
• Quarantine Manager Accounts — Administrators authenticated on the MQM server. The MQM server storesthe administrator logon information and executes the authentication.
• Single Sign on via HTTP header — Uses an HTTP header as the logon ID.
The Single Sign on via HTTP header mode is used when an external server completes authentication. Theexternal server forwards the request to MQM.
Administrator authentications can switch from one mode to another. When you switch authentication,the previous authentication and domain associations with administrators become invalid. You mustalso configure the Super Administrator account for the new authentication.
For example, you have MQM administering abc.com and xyz.com domains, and the authenticationmode is Quarantine Manager Accounts. You are also the Super Administrator with the [email protected] ID,and you assigned both domains to the [email protected] Domain Administrator.
When you switch to a different authentication mode, such as LDAP, all the administrator accounts anddomain assignments become invalid.
2 Deployment optionsLevels of authentication
18 McAfee Quarantine Manager 7.1.1 Product Guide
When you create new administrators and assign domains under new authentication, the administratorconfiguration under Quarantine Manager Accounts remains deactivated. The administrators and domainsremain on the server.
Deployment optionsLevels of authentication 2
McAfee Quarantine Manager 7.1.1 Product Guide 19
3 Plan your deployment
Before you install MQM, verify that you have everything you need, and that your environment meetsthe minimum system requirements.
Contents Requirements Deployment checklist
RequirementsTo ensure that your deployment is successful, your environment must meet the minimumrequirements.
Important considerations
• You must install MQM on a dedicated machine without any other McAfee products, mail servers, orsimilar applications installed, including:
• McAfee Security for Microsoft Exchange
• McAfee ePO
• MQM uses Microsoft Cluster Services to install MQM in a two-node cluster environment.
• We recommend that you use a minimum 1024 x 768 pixel screen resolution.
• MQM supports up to 200,000 users.
Table 3-1 Requirements
Component Requirement
Server-classoperating system
Install MQM on any of these 64-bit server-class operating systems:• Microsoft Windows 2008 Server R2 SP1
• Microsoft Windows Server 2012
• Microsoft Windows Server 2012 R2
VMware MQM supports these versions of VMware:• 5.0
• 5.1
• 5.5
3
McAfee Quarantine Manager 7.1.1 Product Guide 21
Table 3-1 Requirements (continued)
Component Requirement
Databases MQM supports these databases:• MariaDB 10.0.20 (available in the MQM download package)
• Microsoft SQL Server 2008
• Microsoft SQL Server 2008 R2
• Microsoft SQL Server 2012
• When you use Microsoft SQL Server as the database, ensure theSQL Native Client driver is installed on the MQM system.
• Ensure that you install the MariaDB for MQM on a drive withenough free space.
• The available free space should be at least 150% of the currentdatabase size at all times.
• MQM supports a maximum database size of 500 GB.
Directory MQM supports these directory services:• Microsoft Active Directory • OpenLDAP
• IBM Domino Directory • Sun Java System DirectoryServer
• Novell eDirectory
Hardware memory 2 GB available RAM
Disk space 160 GB with NTFS file system
Networkrequirements
100/1000 Mbps Ethernet card
Upgrades MQM supports these upgrades:• 7.0.1
• 7.0.1 Rollup1
• 7.1.0
• 7.1.0 Patch 1
Processor 2 virtual processors
Messaging servers MQM supports these messaging servers:• Novell GroupWise Mail
• Sun Java System
• Microsoft Exchange
Email clients MQM supports these email clients:• Microsoft Outlook 2007 • IBM Lotus Notes 7.0
• Microsoft Outlook 2010 • Novell Groupwise
• Microsoft Outlook 2013 • Sun Java Convergence
• Microsoft Outlook Express
3 Plan your deploymentRequirements
22 McAfee Quarantine Manager 7.1.1 Product Guide
Table 3-1 Requirements (continued)
Component Requirement
McAfee products MQM supports these McAfee products:• McAfee Email Gateway
• McAfee Security for Microsoft Exchange
• McAfee Security for Lotus Domino (Windows and Linux)
• McAfee® Email and Web Security 5.6 (RPC Channel only)
• McAfee® ePolicy Orchestrator® (McAfee ePO™) 5.1.3 and 5.3.1
Internet browsers Web-based components require one of these supported Internet browsers:• Microsoft Internet Explorer 9.0, 10.0, and 11.0
• Mozilla Firefox 17 and later
• Google Chrome 40 and later
Mobile operatingsystem
You can access the MQM user interface and mobile digest from these mobileoperating systems:• Apple iOS 8.3
• Android OS 4.4.2
Windows component Internet Information Service 6.0 (IIS) and later
Communication ports • We recommend that you do not change the default communication protocoland port between MQM and McAfee products.
• You can use HTTP on port 80 or legacy non-HTTP on port 49500.
• Open port 80 or 49500 for both directions on any firewalls between MQMand McAfee products.
Deployment checklistTo make sure that your network is ready to install MQM, review the deployment checklist.
Determine... Verified
If your environment meets all minimum requirements
The location of the network server where you plan to install the MQM software
If you have administrator rights on all servers you intend to use
If you plan to install the MQM software for high availability. For high availability, do thefollowing:• Determine which servers to include in the cluster.
• Gather the IP addresses for each server.
• If you have firewalls running on the server in your cluster, you must open the ports usedfor communication.
If you plan to deploy MQM and the database as a virtual machine
Plan your deploymentDeployment checklist 3
McAfee Quarantine Manager 7.1.1 Product Guide 23
Determine... Verified
That you install these databases on a computer where no other database product isinstalled:• MariaDB for McAfee Quarantine Manager
• Microsoft SQL Server 2008
• Microsoft SQL Server 2008 R2
• Microsoft SQL Server 2012
If you want to use the Microsoft SQL Server 2008 or 2012 that is installed on a differentcomputerIf so, ensure that the Microsoft SQL Server Native Client is installed on the MQM server.
The authentication level you want to use to access the administrator and user interfaces
Which users to assign these administrator roles:• Super Administrator
• Domain Administrator
• Operator
That MQM can communicate over the network with connected McAfee products
3 Plan your deploymentDeployment checklist
24 McAfee Quarantine Manager 7.1.1 Product Guide
SetupInstall the MQM software on your computer, and complete thepost-installation tasks.
Chapter 4 InstallationChapter 5 Integrating MQM with McAfee ePOChapter 6 Post-installation tasks
McAfee Quarantine Manager 7.1.1 Product Guide 25
4 Installation
Prepare your installation environment and install MQM on its own, or in a cluster environment.
Contents Prepare your installation environment Download the product files Install or upgrade the product files Configure a cluster on a Windows server
Prepare your installation environmentSet up the appropriate database environment for your MQM installation.
Configure the Microsoft SQL Server databaseConfigure the settings for the existing Microsoft SQL Server database for MQM.
Task1 On the SQL Server, enable Mixed mode authentication.
2 Create a database user with Server Role as sysadmin.
3 Create a blank database to use with MQM, and assign the user you created as the owner of thedatabase.
4 Install Microsoft SQL Server Native Client on the MQM server.
Install MariaDB for MQMYou can install MariaDB for MQM and MQM on two different servers or on the same server.
Task1 From the MariaDB for McAfee Quarantine Manager directory, extract the .zip file to a temporary directory,
then click SETUP.EXE.
2 Click Next and follow the on-screen instructions.
3 In the Database Server Settings dialog box, specify these configuration settings for MariaDB for McAfeeQuarantine Manager:• Username — The default user name is root.
• Password — The default password is root.
• Database name — The default database name is mqm.
4
McAfee Quarantine Manager 7.1.1 Product Guide 27
• Port number — The default port number is 3306.
• MQM Super Administrator Username and Password — The default user name is [email protected] andthe default password is super123.
4 In the Ready to Install dialog box, click Next.
5 Click Finish.
Configure MariaDB for Linux or Microsoft WindowsConfigure the parameters for the existing MariaDB 10.0.20 database.
Add the following parameters in the "MY.CNF" / "MY.INI" file:
Parameter Value
default_storage_engine InnoDB
lower_case_table_names 1
max_allowed_packet At least 150 M (where M represents MB)
max_connections At least 100
innodb_file_per_table 1
The following parameter settings are recommended.
Parameter Value
max_allowed_packet 1024 M (where M represents MB)
max_connections 500
innodb_flush_log_at_trx_commit 0
innodb_support_xa 0
innodb_locks_unsafe_for_binlog 1
innodb_doublewrite 0
• All "innodb_*" parameters must be uncommented.
• External MariaDB database on Linux and Microsoft Windows is supported only withInnoDB engine.
Download the product filesDownload the MQM product files from the McAfee Downloads page.
Task1 Go to the McAfee Downloads page.
2 Enter your grant number, then click Go.
3 Go to Quarantine Manager, and select the version.
4 Download the appropriate installation file.
4 InstallationDownload the product files
28 McAfee Quarantine Manager 7.1.1 Product Guide
Install or upgrade the product filesTo complete the installation, install or upgrade the MQM product files on your supported server-classoperating system.
Install the product filesInstall the MQM product files on your computer.
Task
1 Locate and unzip the downloaded MQM product files.
2 Double-click the MQM setup.exe file.
3 Follow the on-screen command prompts.
4 Enter the port number that IIS uses to hosts the MQM web-based interface.
The default value is 80.
5 Click Finish.
6 To restart the computer, click Yes.
Upgrade to the latest version of MQM Upgrade the previous version of the MQM software to the latest version.
Tasks
• Upgrade the MQM product files on page 29Upgrade the MQM product files to the latest version.
• Upgrade MySQL for MQM to MariaDB for MQM on page 30Upgrade the MQM database to the latest version.
Upgrade the MQM product filesUpgrade the MQM product files to the latest version.
Task
1 Stop the MQM service.
2 Back up the database.
3 Start the MQM service.
4 Install the latest version of MQM.
The database is automatically migrated.
When you log on to MQM during database migration, the following message appears:
Migration of database is in progress. Please try after some time. Migration Status: <Y>out of <X> tables completed.
5 To make sure the interface displays correctly, clear the browser cookies and temporary Internetfiles, then restart the browser.
See also Back up the database on page 86
InstallationInstall or upgrade the product files 4
McAfee Quarantine Manager 7.1.1 Product Guide 29
Upgrade MySQL for MQM to MariaDB for MQMUpgrade the MQM database to the latest version.
Task1 Stop the MQM service.
2 From the command prompt, go to the MySQL installation folder, navigate to the bin directory, andexecute the following command:
mysqldump --complete-insert -n --add-drop-table -R <Database> -u<DatabaseUser> -p<DatabaseUserPassword> -r“<BackupLocation>” --max-allowed-packet=1024MFor example, if these are your variables:
• Database name — mqm
• User name — root
• Password — dbase
• Backup location — C:\Backups\MQM\MQMBackup.sql
Use the following command:
mysqldump --complete-insert -n --add-drop-table -R mqm -u root -pdbase -r "C:\Backups\MQM\MQMBackup.sql" --max-allowed-packet=1024M
3 Uninstall MySQL for MQM, then install MariaDB for MQM.
4 In the my.ini file, change the innodb_log_file_size parameter to 256M.
a From the MariaDB installation directory, open the data folder, then open the my.ini file forediting.
b Locate the [mysqld] section, change the innodb_log_file_size parameter value to 256M, thensave the file.
5 Restart MariaDB for MQM.
6 From the command prompt, go to the bin directory in the MariaDB installation folder and executethe following command:
mysql -e "source <CompletePathofBackupFile>" -u<DatabaseUser> -p<DatabaseUserPassword> --max_allowed_packet=1024M --default-character-set=utf8 <Database>For example, if these are your variables:
• Database name — mqmv7
• User name — root
• Password — dbase
• Backup location — C:\Backups\MQM\MQMBackup.sql
Use the following command:
mysql -e "source C:\Backups\MQM\MQMBackup.sql" -uroot -pdbase --max_allowed_packet=1024M --default-character-set=utf8 mqmv7
4 InstallationInstall or upgrade the product files
30 McAfee Quarantine Manager 7.1.1 Product Guide
7 Start the MQM service, then log on and verify that:
• The data migration was successful
• Users can log on to MQM
8 In the my.ini file, edit the innodb_log_file_size parameter to 32M.
a From the MariaDB installation directory, open the data folder, then open the my.ini file forediting.
b Locate the [mysqld] section, change the innodb_log_file_size parameter value to 32M, thensave the file.
9 Restart MariaDB for MQM.
See also Configure the database on page 41Test the installation on page 41
Configure a cluster on a Windows serverSet up a cluster environment with MQM running on a Windows 2008 R2 SP1, Windows 2012, orWindows 2012 R2 server.
Task1 Perform the full installation process on both nodes.
2 Click Start | Administrative Tools | Failover Cluster Manager.
3 Right-click Services and applications, then select Configure a Service or Application.
4 Configure the High Availability Wizard options.
a Select Select Service or Application | Other Server, then click Next.
b On the Client Access Point page, enter the Name and IP Address to access the MQM resources, thenclick Next.
c On the Select Storage page, select the storage that MQM uses to store shared data, then click Next.
d On the Select Resource Types page, select McAfee MQM Cluster Framework, then click Next.
e Configure the remaining options, then click Finish.
5 From the console tree, select the cluster.
6 On the MQM clustering service Summary page, right-click New McAfee MQM Cluster Framework and selectProperties.
a On the New McAfee MQM Cluster Framework Properties window, click the Properties tab.
b In the Value column, enter the shared drive location for the Shared_Data_Drive.
c Click the Policies tab.
d Enter the Maximum restarts in the specified period value.
e Select If restart is unsuccessful, failover all resources in this service or application.
InstallationConfigure a cluster on a Windows server 4
McAfee Quarantine Manager 7.1.1 Product Guide 31
f Click the Dependencies tab and verify that the appropriate dependencies appear.
g Click OK.
4 InstallationConfigure a cluster on a Windows server
32 McAfee Quarantine Manager 7.1.1 Product Guide
5 Integrating MQM with McAfee ePO
McAfee ePO provides a scalable platform for centralized policy management and enforcement on yourMcAfee security products and systems where they reside. It also provides comprehensive reportingand product deployment capabilities, all through a single point of control.
McAfee recommends that you are familiar with the McAfee ePO software before you start theintegration.
This guide does not provide detailed information about installing or using McAfee ePO software. See theePolicy Orchestrator Product Guide and the ePolicy Orchestrator Installation Guide.
Contents Install MQM onto your McAfee ePO server Deploy the McAfee Agent onto your client computers Deploy the MQM packages Install the MQM extensions Configure policies Configure reports Configure tasks
Install MQM onto your McAfee ePO serverExtract the MQM package onto your McAfee ePO server.
Task1 Log on to the McAfee ePO server as an administrator.
2 Create a temporary directory on your local drive.
3 Extract these MQM package folders to a temporary directory.
• McAfee Quarantine Manager
• MariaDB for McAfee Quarantine Manager
• ePO
From the ePO folder, use the policies, reports, and Help .zip files to install the McAfee ePOextensions.
5
McAfee Quarantine Manager 7.1.1 Product Guide 33
Deploy the McAfee Agent onto your client computersMcAfee Agent is the distributed component of McAfee ePO that you must install on each networksystem that you want to manage.The agent collects and sends information to the McAfee ePO server. It also installs and updates theendpoint products, and applies your endpoint policies. McAfee ePO manages only systems that havethe McAfee Agent installed.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Systems | System Tree.
3 On the Systems tab, select This Group Only from the Preset drop-down list.
If the group does not have systems, but has subgroups with systems, select This Group and AllSubgroups from the Preset drop-down list.
4 Select one or more systems from the list, then click Actions | Agent | Deploy Agents.
5 On the Deploy McAfee Agent page, verify the settings, then click OK.
It takes a few minutes for the McAfee Agent to install and for client systems to retrieve andexecute the installation packages for the endpoint products. When first installed, the agentdetermines a random time within 10 minutes for connecting to the McAfee ePO server to retrievepolicies and tasks.
There are many other ways to deploy the McAfee Agent. For more information, see the ePolicyOrchestrator Product Guide or online Help.
Deploy the MQM packagesDeploy MQM packages on client computers to manage them using McAfee ePO.
Check in the MQM packagesCheck in the MQM and MariaDB for MQM packages to the McAfee ePO Master Repository.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Software | Master Repository.
3 Check in the MQM package.
a On the Packages in Master Repository page, click Actions | Check In Package.
b On the Check in Package page, select Product or Update as the Package type.
c Click Browse, then navigate and select the MQM server .zip file.
d Click Next.
e On the Package Options page, verify that the information is correct, then click Save.
5 Integrating MQM with McAfee ePODeploy the McAfee Agent onto your client computers
34 McAfee Quarantine Manager 7.1.1 Product Guide
4 Check in the MariaDB for MQM package.
a On the Packages in Master Repository page, click Actions | Check In Package.
b On the Check in Package page, select Product or Update as the Package type.
c Click Browse, then navigate and select the MQMDB.zip file.
d Click Next.
e On the Package Options page, verify that the information is correct, then click Save.
Deploy the MariaDB for MQM componentAdd the MariaDB for MQM component to McAfee ePO-managed client computers.
Tasks
• Deploy the MariaDB for MQM component using McAfee ePO on page 35Use the McAfee ePO interface to add the MariaDB for MQM component.
• Deploy the MariaDB for MQM component using the command line on page 35To deploy the MariaDB for MQM with the command line using customized values, enter theparameters separated by a space.
Deploy the MariaDB for MQM component using McAfee ePOUse the McAfee ePO interface to add the MariaDB for MQM component.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Systems | System Tree.
3 Select the system, then click Actions | Agent | Run Client Task Now.
4 Configure the task options.
a On the Product list, select McAfee Agent.
b On the Task Type list, select Product Deployment.
c Click Create New Task.
5 Select the Target platforms.
6 Configure the Products and components options.
a From the drop-down list, select MariaDB for McAfee Quarantine Manager.
b From the Action drop-down list, select Install.
7 Click Run Task Now.
8 When the task completes, click Close.
Deploy the MariaDB for MQM component using the command lineTo deploy the MariaDB for MQM with the command line using customized values, enter the parametersseparated by a space.
For example: INSTALLDIR="C:\MariaDB" SUPERID="[email protected]"SUPERIDPWD="superduper123"
Integrating MQM with McAfee ePODeploy the MQM packages 5
McAfee Quarantine Manager 7.1.1 Product Guide 35
Table 5-1 Command line parameters
Parameter Example Description
INSTALLDIR INSTALLDIR="C:\MariaDB" Installs MariaDB in the specified folderlocation
MYSQLUSER MYSQLUSER="root123" Sets the MariaDB user name
MYSQLPASSWORD MYSQLPASSWORD="root123" Sets the MariaDB password
MYSQLDBNAME MYSQLDBNAME="mymqm" Sets the MariaDB database name
MYSQLPORT MYSQLPORT=3361 Sets the MariaDB port number
SUPERID SUPERID="[email protected]" Sets the Super Administrator email address
SUPERIDPWD SUPERIDPWD="superduper123" Sets the Super Administrator password
Deploy MQM on client computersPerform a standard installation on your client computers using MQM default settings.
Tasks• Deploy MQM on client computers using McAfee ePO on page 36
Use the McAfee ePO interface to perform a standard installation on your client computers.
• Deploy MQM on client computers using the command line on page 36To deploy MQM using the command line, enter the parameters separated by a space.
Deploy MQM on client computers using McAfee ePOUse the McAfee ePO interface to perform a standard installation on your client computers.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Systems | System Tree.
3 Select the system, then click Actions | Agent | Run Client Task Now.
4 Configure the task options.
a On the Product list, select McAfee Agent.
b On the Task Type list, select Product Deployment.
c Click Create New Task.
5 Select the Target platforms.
6 Configure the Products and components options.
a From the drop-down list, select McAfee Quarantine Manager.
b From the Action drop-down list, select Install.
7 Click Run Task Now.
8 When the task completes, click Close.
Deploy MQM on client computers using the command lineTo deploy MQM using the command line, enter the parameters separated by a space.For example: INSTALLDIR="C:\MQM" REBOOTREQUIRED=1
5 Integrating MQM with McAfee ePODeploy the MQM packages
36 McAfee Quarantine Manager 7.1.1 Product Guide
Table 5-2 Command line parameters
Parameter Example Description
INSTALLDIR INSTALLDIR="C:\MQM" Installs MQM in the specified folder location.
REBOOTREQUIRED REBOOTREQUIRED=1 Restarts the client computer after installation.
Install the MQM extensionsInstall MQM extensions on client computers to manage them using McAfee ePO.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Software | Extensions | Install Extension.
3 Install the MQM policy extension.
a On the Install Extension dialog box, click Browse.
b Locate and select the MQM policies .zip file, then click OK.
When you use McAfee ePO to manage more than one MQM server, we recommend that youassign a separate database configuration policy to each server. Assigning a separateconfiguration policy avoids conflict between the servers connected to the same database.
4 Install the MQM reports extension.
a On the Install Extension dialog box, click Browse.
b Locate and select the MQM reports .zip file, then click OK.
5 Install the MQM Help extension.
a On the Install Extension dialog box, click Browse.
b Locate and select the MQM Help .zip file, then click OK.
Configure policiesYou can use the McAfee ePO console to enforce policies across groups of computers or on a singlecomputer.
These policies override configurations set on individual computers. For information about policies andhow they are enforced, see the McAfee ePolicy Orchestrator Product Guide.
Before configuring any policies, select the group of computers where you want to change MQMpolicies. You can change MQM policies from the pages and tabs that are available in the details pane ofthe McAfee ePO console. These pages resemble those you can access from the MQM administratorinterface.
After you change the appropriate policies and save the changes for the intended computer or group ofcomputers, you are ready to deploy new settings via the McAfee Agent.
Integrating MQM with McAfee ePOInstall the MQM extensions 5
McAfee Quarantine Manager 7.1.1 Product Guide 37
Tasks• Create policies on page 38
Create the policies that you deploy to groups of computers, or to a single computer.
• Enforce policies on page 38Enforce a policy to multiple managed systems within a group.
Create policiesCreate the policies that you deploy to groups of computers, or to a single computer.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Systems | System Tree.
3 Click the Assigned Policies tab.
4 From the Product drop-down list, select McAfee Quarantine Manager.
5 Locate the policy and click Edit Assignment.
6 Create and configure the policy options.
a Click New Policy.
b From the Create a policy based on this existing policy drop-down list, select the policy that you want toduplicate.
c Enter the Policy Name, then click OK.
Enforce policiesEnforce a policy to multiple managed systems within a group.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Systems | System Tree.
3 Click the Assigned Policies tab, then select McAfee Quarantine Manager from the Product drop-down menu.
4 Click Edit Assignment next to the policy Category you want to enforce.
5 From the Assigned policy drop-down menu, select the policy, then click Save.
6 Click the Systems tab, then select the system.
7 Send an agent wake-up call.
a Click Actions | Agent | Wake Up Agents.
b On the Wake Up McAfee Agent page, select Agent Wake-Up Call as the Wake-up call type.
c Enter a Randomization period between 0–60 minutes, which is the amount of time for systems torespond to the wake-up call.
5 Integrating MQM with McAfee ePOConfigure policies
38 McAfee Quarantine Manager 7.1.1 Product Guide
d Select Get full product properties in addition to system properties.
e Click OK.
To view the status of the agent wake-up call, click Menu | Automation | Server Task Log.
Configure reportsUse predefined queries in McAfee ePO to generate visual representations of the MQM data.
McAfee ePO has its own querying and reporting capabilities, and includes a set of default queries.However, you can duplicate and manage all predefined MQM queries.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 To edit a predefined query, open the query in the Query Builder.
a Click Menu | Reporting | Queries & Reports.
b On the Query tab, select the MQM query, then click Edit.
c On the Query Builder page, click Others from the Feature Group list.
d Select the result type, then click Next.
3 Select the query layout.
a From the Display Results as menu, select the layout.
b Configure the remaining layout options, then click Next
4 Select the query columns.
a From the Available Columns menu, select the columns to apply to your query.
b In the Selected Columns configuration area, select, drag, and position each column.
c Click Next.
5 On the Filter page, select the properties and operators that limit the query data.
6 From the Available Properties menu, select the properties and configure the corresponding values, thenclick Run.
7 Save the query.
a Click Save.
b On the Save Query page, enter the Query name, add any notes, and select the Query Group.
c Click Save.
Integrating MQM with McAfee ePOConfigure reports 5
McAfee Quarantine Manager 7.1.1 Product Guide 39
Configure tasksView, manage, and schedule tasks, which are configurable actions that are performed at convenienttimes.
There are certain tasks you must complete on a regular basis. For example, schedule a task toautomatically purge the MQM database and remove old quarantined items.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Policy | Policy Catalog.
a From the Product drop-down list, select McAfee Quarantine Manager.
b From the Category drop-down list, select Task Manager.
c Click on the policy that you want to manage.
3 Click Add.
4 On the Add window, configure the options, then click OK | Save.
5 Integrating MQM with McAfee ePOConfigure tasks
40 McAfee Quarantine Manager 7.1.1 Product Guide
6 Post-installation tasks
To complete the installation, complete the post-installation tasks.
Contents Test the installation Configure the database Configure certificates for secure SMTP communication Configure the configuration push interval Define administrators Rebrand MQM Customize the user interface URL
Test the installationVerify the connection between MQM and other McAfee products.
When you enable the Use HTTP to communicate with the MQM server (MQM v6 and greater) option on your McAfeeEmail and Web Security Appliance, the Test option cannot verify connectivity.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Click Start | All Programs | McAfee | Quarantine Manager | Administrator UI.
2 On the McAfee Quarantine Manager Administrator Log On page, log on to the Super Administrator accountthat you specified during installation.
3 Log on to the administrator interface.
4 Click Dashboard | Quarantined.
5 Click the Connected McAfee Products tab, then click Test.
Configure the databaseConfigure a supported external database and check that MQM can connect to it.
Task1 Click Start | All Programs | McAfee | Quarantine Manager | DB Management UI.
2 On the McAfee Quarantine Manager Administrator Log On page, click Configure Database.
3 On the Authentication Required page, enter the credentials, then click OK.
6
McAfee Quarantine Manager 7.1.1 Product Guide 41
4 On the Database Configuration page, configure the options.
a From the Database Type drop-down list, select the type of database that you want to use.
b In the Database Server field, enter the database server IP address or host name.
For SQL Server, specify named instances in the Server\Namedinstance format.
c In the UserName field, enter the database user name that MQM uses to connect to the databaseserver. The user name must have write permissions for the database defined under DatabaseName.
d In the Password field, enter the password.
e In the Database Name field, enter the database name.
f In the Database Port field, enter the port number that MQM uses to connect to the database server.
g To connect to the database using the default port, select Use default port.
h To erase all data from the database and create a database schema, select Create Quarantine Managerschema, then enter the email address and password.
Schema is the structure of the database that defines the objects in the database. It defines thetables, the fields, indexes, and procedures.
5 Click Test.
6 When the database configuration is successful, click Apply.
Configure certificates for secure SMTP communicationConfigure certificates for the secure (TLS) SMTP communication.
To install on the SMTP server, the Transport Layer Security (TLS) communication needs a validcertificate signed by a valid CA (certificate authority). MQM must have the CA certificate installedwhen the TLS option is enabled for sending emails.
Ensure that the certificate is PEM format.
Task1 In the MQM installation directory, navigate to \bin\certs.
2 Create a file. Use the name ca.pem.
3 Open the CA certificate file and copy the contents to ca.pem.
If you have certificates from different CAs, copy the contents of all the CA certificates to the ca.pemfile.
Configure the configuration push intervalPush configuration changes to products connected to MQM.The configuration push is completed at regular intervals. You can specify the minimum intervalbetween the configuration updates on the connected McAfee products.
6 Post-installation tasksConfigure certificates for secure SMTP communication
42 McAfee Quarantine Manager 7.1.1 Product Guide
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Select Settings and Diagnostics | Communications | Advanced.
3 In the Configuration Push Interval (seconds) field, enter the interval.
The default is 14400.
Define administratorsCreate and assign administrator roles to network users.
Use LDAP groups as MQM administratorsAssign administrator rights to LDAP group users.LDAP groups are defined on the LDAP server. When groups on the LDAP server are defined to act asthe administrator, any user belonging to the group can act as the administrator.
• MQM does not support nested LDAP groups to act as administrators.
• For Active Directory, log on to the computer as the group member user that you want toact as an administrator.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Configure the LDAP server.
a Click Settings and Diagnostics | Communications | LDAP Server.
b Configure the LDAP server settings, then click Add.
3 Click Administrator Management | Manage Administrator | Administrator Authentication.
4 Select Directory Server Groups and click Next.
5 Select the group.
6 When prompted to confirm, click Yes.
The Administrator Authentication settings are changed, and you are logged out.
7 To log on with new credentials, select Click Here.• For all LDAP groups except Active Directory, specify the logon credentials.
• For Active Directory, you automatically log on using the current Windows account.
• Super Administrators can assign LDAP groups to act as Operator and DomainAdministrators.
• The Alias role is not applicable for Directory Server authentication.
Post-installation tasksDefine administrators 6
McAfee Quarantine Manager 7.1.1 Product Guide 43
Create administrators with restricted rightsCreate Domain Administrator accounts and assign administrator rights.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Administrator Management | Manage Administrator | Add New Account.
3 On the Account Role and Details page, select the Account Role, then enter the Account Details.
4 Click Next.
5 On the Visible Quarantine Queues page, select the queues, then click Next.
To include all child queues, select the parent category .
6 On the Management Privileges page, select the administrator rights.
To grant all rights, select All Privileges.
By default, all rights are enabled.
7 Click Finish.
If the Administrator does not have permissions, the deselected options are hidden. For example,when you deselect Generate reports, the Administrator is unable to view these administrator interfacefeatures:
• Graphical Reports link
• Reports tab on the Dashboard page
Rebrand MQMUse the MQM rebranding kit to customize the colors and text on the administrator interface.
Task1 Open the Rebrand folder.
Example: C:\Program Files (x86)\McAfee\Quarantine Manager\AdminUI\Rebrand
2 Open and edit the Rebrand file.
3 Add your company logo.
a Resize your company logo to a 3:1 aspect ratio.
b Locate the LogoImagePath line.
6 Post-installation tasksRebrand MQM
44 McAfee Quarantine Manager 7.1.1 Product Guide
c Remove ../Rebrand.logo.gif, then enter ../Rebrand/<your_logo>.gif.
• You can use any image format that a web browser can render.
• Do not delete the existing logo.gif file.
• Do not place the logo file outside the MQM AdminUI folder. Instead, enter the relativepath from the MQM AdminUI folder.
• Do not use a logo image more than 1 MB in size.
4 Add your corporate colors.
Make sure you use only a valid color code that your browser can interpret. Invalid color codes cancause scripting errors, which causes the interface to not render properly.
a On the TitlebarColor line, remove #B00C33, then enter the color code.
b On the TopLinkBarColor line, remove #000000, then enter the color code.
5 Add your company and product names.
To avoid distorting the title bar, the length of the combined company and product names must notexceed 100 characters.
a On the CompanyName line, remove McAfee, then enter your company name.
b On the ProductName line, remove Quarantine Manager, then enter Quarantined Mail Store.
6 Save your changes and close the window.
Customize the user interface URLBy default, the MQM URL that is referred to in email communications (such as digest email andpassword reminders) contains a fully qualified domain name in the http://<yourdomain>/MQMUserUIformat. To meet your network needs, you can change the user interface URL.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Select Settings and Diagnostics | Advanced Settings | Settings.
3 In Email Notifications Related, select Customize Server URL.
4 Configure the options, then click Apply.
Post-installation tasksCustomize the user interface URL 6
McAfee Quarantine Manager 7.1.1 Product Guide 45
6 Post-installation tasksCustomize the user interface URL
46 McAfee Quarantine Manager 7.1.1 Product Guide
Configuration and useUse the MQM interface components to configure your quarantine options.
Chapter 7 Configuring domainsChapter 8 Configuring user accountsChapter 9 Managing quarantined itemsChapter 10 Configuring tasksChapter 11 Managing user submissionsChapter 12 Configuring and using the user interfacesChapter 13 Configuring blacklists and whitelistsChapter 14 Reporting
McAfee Quarantine Manager 7.1.1 Product Guide 47
7 Configuring domains
To add your network users to MQM, you must register your network domains.
Contents Create a domain Assign domains to Domain Administrators Assign domains to groups Change domain configuration settings
Create a domainCreate a domain to store domain-based quarantined items.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Select Admininistrator Management | Manage Domains.
3 Enter the Domain Name, then click Add.
• The Domain Name must not exceed 61 characters, and can contain letters, numbers, and dots.
• MQM does not support wildcards and subdomains are explicitly registered.
4 Click Quarantine Management | Quarantined Items.
Items quarantined by the supported McAfee product are listed under View Results.
5 Click Quarantined Items, then select the domain name from the drop-down list to view the quarantinedemails for the domain.
Tasks• Export and import domains on page 49
Use MQM to export users from one email domain, then import them into another.
Export and import domainsUse MQM to export users from one email domain, then import them into another.
Adding all email domains that your organization manages is mandatory for various MQM features,such as email digests and user access.
When an item is quarantined from a domain that is unregistered, it is grouped under Others.
7
McAfee Quarantine Manager 7.1.1 Product Guide 49
Tasks
• Create the domain export file on page 50To export one or more domains registered in MQM to a specified location, create an exportfile.
• Import domains on page 50Import domains from .csv or .txt files.
Create the domain export fileTo export one or more domains registered in MQM to a specified location, create an export file.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Administrator Management | Manage Domains | Import / Export Domains.
3 From the Managed Domains List, select one or more domains, then click Export.
Multiple domains are exported in a single text file.
4 On the File Download window, click Save.
Import domainsImport domains from .csv or .txt files.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Administrator Management | Manage Domains | Import / Export Domains.
3 To locate the file, enter the File Path, or click Browse.
4 Click Import.
MQM generates a report of successful or failed imported domains. All domains are listed in the ManagedDomains List.
Assign domains to Domain AdministratorsTo delegate quarantine management tasks for domains, create a Domain Administrator and assign thedomains.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Administrator Management | Manage Domains.
3 From the Managed Domains List, select the domain, then click Assign Administrator.
To assign only one domain to the Domain Administrator, click Assign on the Domain Admin column.
7 Configuring domainsAssign domains to Domain Administrators
50 McAfee Quarantine Manager 7.1.1 Product Guide
4 On the Assign Admin configuration area, select the administrators from the Administrators List, then clickAdd.
5 Click Assign.
• When a single domain is assigned, the previously assigned administrators are automaticallypopulated in the Assigned Administrator(s) List.
• When multiple domains are assigned, the Assigned Administrator(s) List remains empty.
Assign domains to groupsAssign domains to groups that are registered in connected McAfee products.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Administrator Management | Manage Domains.
3 From the Managed Domains List, select the domain, then click Modify/View.
4 On the Assign Groups page, select one or more groups from the Groups List, then click Add.
5 Click Assign.
When you click Remove, the group is assigned to the Super Administrator.
Change domain configuration settingsChange the configuration options for one or more domains.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Administrator Management | Manage Domains.
3 From the Managed Domains List, select one or more domains, then click Modify Configuration.
4 For each detection, select and configure the User and Queue Settings.
5 Configure the Mail Settings options that set the parameters for the mail server to facilitatecommunication with domain users.
a In the Server Name / IP Address field, enter the host name or IP address of the domain mail server.
b In the Port field, enter the mail server port.
c To enhance the privacy of emails sent to the domain users, select Use TLS.
6 In Digest Settings, select Automatically register end-users from the quarantined database during Email Digest task.
7 Click the Templates tab, and configure the options.
8 Click Apply.
Configuring domainsAssign domains to groups 7
McAfee Quarantine Manager 7.1.1 Product Guide 51
7 Configuring domainsChange domain configuration settings
52 McAfee Quarantine Manager 7.1.1 Product Guide
8 Configuring user accounts
You can create and manage MQM user accounts using the administrator interface, or manage useraccounts defined on the LDAP server.
Contents Add users to MQM Create user accounts Register distribution lists Change user configuration settings
Add users to MQMTo create user accounts, you must register or import users to MQM.
Register users automaticallyConfigure the settings that allow users to automatically register using information available in thequarantine database.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Administrator Management | Manage Domains.
3 Select the domain, then click Modify Configuration.
4 On the General tab, select Automatically register users from the quarantined database during Digest operation in DigestSettings.
The corresponding Recipient Check feature is enabled in the MQM connected products.
5 Click Apply.
Import users to MQMTo enable users to access their account on the user interface, import them to MQM.
Import users from LDAP serversImport users that are registered with LDAP servers.
Before you beginEnsure that the authorization mode is set to LDAP Server Accounts.
8
McAfee Quarantine Manager 7.1.1 Product Guide 53
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Communications | LDAP Server.
Each LDAP server type has parameters that you must define to facilitate communication with theMQM server.
3 Enter the LDAP Setting Name.
4 Select the Server Type from the drop-down list, then configure the remaining options.
5 To check the connectivity, click Test.
6 To assign administrator rights to users on the LDAP server, synchronize the user list on the MQMLDAP server.
a Click End User Management | General.
b Configure the User Synchronization Settings.
7 To import users from the LDAP server, create a user synchronization task.
a Click Settings and Diagnostics | Task Manager.
b From the Task Type drop-down list, select User Synchronization.
c Specify when to run the task, enter the Task Name, then click Add.
See also Synchronize and register user lists on page 60
Import users from .csv or .txt filesRegister multiple users by importing a delimited text file containing the list of users. The supported fileformats are .csv and .txt.
Domains must be registered with MQM before you can add users.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click End User Management | User Management | General.
3 Configure the User Import settings.
4 Click Create Users.
If you want to use multi-byte characters, the imported filed format must be UTF-8.
Import users from XML filesImport users and corresponding configuration settings from an XML file.
Domains must be registered withMQM before you can add users.
8 Configuring user accountsAdd users to MQM
54 McAfee Quarantine Manager 7.1.1 Product Guide
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Blacklists and Whitelists | Import and Export.
3 In the Import configuration area, click Browse, then select the XML file you want to import.
4 To merge the imported and previous user configurations, select Merge user configuration.
If you do not select this option, the user configuration is overwritten.
5 Click Import Configuration.
Create user accountsTo enable users to access their accounts on the user interface, create user accounts.
Task1 Click Start | All Programs | McAfee | Quarantine Manager | UserUI.
2 Click New user? Click here to register.
3 On the McAfee Quarantine Manager User Registration page, enter the user Email Address.
4 Click Register.
An email is sent to the user email address with the logon credentials.
Register distribution listsWhen emails are sent to distribution lists, MQM quarantines the email. MQM creates a copy of theemail and sends it to each user on the distribution list. When users receive the email, they canrelease, delete, or blacklist it.
Nested distribution lists are not supported.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Configure the LDAP server.
a Click Settings and Diagnostics | Communications | LDAP Server.
b Configure the LDAP server settings, then click Add.
3 Click End User Management | User Management | Distribution Lists.
4 Select the LDAP Setting Name from the drop-down list, then click Get List.
5 Select the distribution list, then click Register.
Configuring user accountsCreate user accounts 8
McAfee Quarantine Manager 7.1.1 Product Guide 55
6 To pull the registered distribution list users to MQM, create a User Synchronization task.
a Click Settings and Diagnostics | Task Manager.
b From the Task Type drop-down list, select User Synchronization.
c Specify when to run the task, enter the Task Name, then click Add.
Change user configuration settingsChange the settings for MQM-registered users.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click End User Management | User Management | Account Management.
3 To locate the users you want to change, configure the search options.
a In Include, select the user categories to include in the search.
b Select the first letter of the user account. For example, select K to search all accounts startingwith K.
To search for all user accounts, click All.
To search by the user email address, enter it in the Email address field, then click Search.
4 In the View Results list, select the user you want to change, then click Modify.
5 Configure the available options, then click Apply.
8 Configuring user accountsChange user configuration settings
56 McAfee Quarantine Manager 7.1.1 Product Guide
9 Managing quarantined items
View all email messages that contain detected and quarantined potential threats.
Contents Search quarantined items Take action on quarantined items Manage user submissions
Search quarantined itemsView information about all quarantined email messages that contain potential threats. You can use thefilters to refine your search and find the quarantined items with the required information.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Quarantine Management | Quarantined Items.
3 Configure up to three filters.
4 Click Search.
5 On the View Results grid, select the quarantine items.
6 From the More Actions drop-down list, select an option, then click Go.
Tasks• Perform a quick search on page 57
Perform a quick search for quarantined items.
Perform a quick searchPerform a quick search for quarantined items.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Dashboard | Graphical Reports | Quarantined | Quick Search.
3 From the Time Span drop-down list, select the time period.
9
McAfee Quarantine Manager 7.1.1 Product Guide 57
4 Select the Domain.
To select domains that are not managed by the MQM server, select Others.
5 Configure the remaining options, then click Search.
Take action on quarantined itemsSelect quarantined items to release, delete, or blacklist. More advanced actions are also available.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Quarantine Management | Quarantined Items.
3 On the View Results grid, select the quarantine items.
4 From the More Actions drop-down list, select an option, then click Go.
Manage user submissionsFind and manage the quarantined items that users submit to McAfee Labs for analysis.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Quarantine Management | User Submissions.
3 Configure the search settings.
a Configure up to three filters.
b Specify the time range.
c From the Queue drop-down list, select the submission type.
d To search by domain, select the Domain from the drop-down list.
4 Click Search.
5 On the View Results list, select the user submissions.
6 From the More Actions drop-down list, select an option, then click Go.
9 Managing quarantined itemsTake action on quarantined items
58 McAfee Quarantine Manager 7.1.1 Product Guide
10 Configuring tasks
Tasks are configurable actions that MQM performs at specified times.
Contents When to run tasks Schedule digest emails Synchronize and register user lists Send status reports Synchronize distribution lists
When to run tasksYou can configure and schedule a task to run later, or run an urgent task immediately.
Certain tasks must be completed on a regular basis. For example, schedule a task to automaticallypurge the MQM database and remove old quarantined items.
When you use LDAP authentication, you must synchronize MQM with the users list defined in yourLDAP server. Also, you must perform user-based tasks immediately, which include:
• Immediately send a quarantine summary to a user.
• Delete user-quarantined items.
• Send an urgent email to a user from MQM.
Schedule digest emailsCreate a task that schedules the delivery of digest emails to all users. Digest emails include a list ofquarantined items for a specified time period, and detailed summaries of quarantined items, blacklists,and whitelists.
We recommend that you run the email digest task at least once per week.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Select Menu | Policy | Policy Catalog.
a From the Product drop-down list, select McAfee Quarantine Manager.
b From the Category drop-down list, select Task Manager.
c Click the policy you want to manage.
10
McAfee Quarantine Manager 7.1.1 Product Guide 59
2 In Task Type, select Email Digest, and click Add.
3 Enter the task name, choose how often you want to send digest emails, then click OK.
Synchronize and register user listsCreate a task that synchronizes the list of LDAP server users, and registers the users for MQM. Youcan also synchronize added or changed user accounts in the registered LDAP distribution lists.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Task Manager | Scheduled Tasks.
3 From the Task Type drop-down menu, select User Synchronization.
4 Specify when to run the task.
5 Enter the Task Name.
6 Click Add.
On the Task successfully added message window, click OK.
7 Select Menu | Policy | Policy Catalog..
a From the Product drop-down list, select McAfee Quarantine Manager.
b From the Category drop-down list, select Task Manager.
c Click the policy you want to manage.
8 In Task Type, select User Synchronization, and click Add.
9 Enter the task name, choose how often you want to synchronize users, then click OK.
When you select Delete users not found in the LDAP server, all users that are no longer available on the LDAPserver are removed.
Send status reportsCreate a task that sends status reports to administrators. Status reports contain detailed informationabout database sizing, counter status, task activities, and errors.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Select Settings and Diagnostics | Task Manager | Scheduled Tasks.
3 From the Task Type drop-down list, select Status Email.
10 Configuring tasksSynchronize and register user lists
60 McAfee Quarantine Manager 7.1.1 Product Guide
4 From the Apply to Domains drop-down list, select the domains.
The domains you select receive the status email that contains the domain user quarantinedactivities. To send the status report to all Domain Administrators, select Select All. To send the statusemail to Domain Administrators not managed in MQM, select Others.
5 Specify when to run the task.
6 Enter the Task Name.
7 Click Add.
On the Task successfully added message window, click OK.
8 Select Menu | Policy | Policy Catalog..
a From the Product drop-down list, select McAfee Quarantine Manager.
b From the Category drop-down list, select Task Manager.
c Click the policy you want to manage.
9 In Task Type, select Status Email, and click Add.
10 Enter the task name, choose how often you want to send status reports, then click OK.
Synchronize distribution listsCreate a task that regularly synchronizes distribution lists.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Select Settings and Diagnostics | Task Manager | Scheduled Tasks.
3 From the Task Type drop-down list, select DL Synchronization.
4 Specify when to run the task.
5 Enter the Task Name.
6 Click Add.
On the Task successfully added message window, click OK.
7 Select Menu | Policy | Policy Catalog..
a From the Product drop-down list, select McAfee Quarantine Manager.
b From the Category drop-down list, select Task Manager.
c Click the policy you want to manage.
8 In Task Type, select DL Synchronization, and click Add.
9 Enter the task name, choose how often you want to synchronize distribution lists, then click OK.
Configuring tasksSynchronize distribution lists 10
McAfee Quarantine Manager 7.1.1 Product Guide 61
11 Managing user submissions
When users submit suspicious email messages to McAfee Labs for analysis, you can manage the emailmessage submissions from the administrator interface.
Contents Manage user submissions View search results
Manage user submissionsFind and manage the quarantined items that users submit to McAfee Labs for analysis.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Quarantine Management | User Submissions.
3 Configure the search settings.
a Configure up to three filters.
b Specify the time range.
c From the Queue drop-down list, select the submission type.
d To search by domain, select the Domain from the drop-down list.
4 Click Search.
5 On the View Results list, select the user submissions.
6 From the More Actions drop-down list, select an option, then click Go.
View search resultsExecute actions on selected quarantined items.
TaskFor details about product features, usage, and best practices, click ? or Help.
• Under View Results, execute actions on selected quarantined items.
11
McAfee Quarantine Manager 7.1.1 Product Guide 63
12 Configuring and using the user interfaces
Create and manage your MQM account from the user interface on your desktop or mobile device.
Contents Access your MQM user account Use the mobile interface to manage quarantined emails
Access your MQM user accountTo create your MQM account , log on to the web-based MQM user interface.
Task1 In a web browser, go to http://<MQMServer>/MQMUserUI/<LocaleID>/LogOn.html.
2 Create your MQM account credentials.
a Click New user? Click here to register.
b On the McAfee Quarantine Manager User Registration page, enter your email address, then click Register.
c When the confirmation message appears, click OK.
MQM sends you an email with your password.
d Click Click here to return to the Log On page.
e On the McAfee Quarantine Manager User Log On page, enter your email address and password, thenclick Log on.
If your organization uses an LDAP server and your administrator has enabled LDAP authentication,you can log on to MQM with the LDAP account user name and password.
Tasks• Configure your MQM account on page 66
Configure the various settings for your MQM account.
• Submit spam samples to McAfee Labs on page 69When spam email messages are released to your mailbox by mistake and you want tosubmit it for analysis, submit them to McAfee Labs.
12
McAfee Quarantine Manager 7.1.1 Product Guide 65
Configure your MQM accountConfigure the various settings for your MQM account.
Tasks• Configure the blacklist on page 66
Add the email addresses to your blacklist that frequently send you spam messages orunwanted emails.
• Configure the whitelist on page 66Add trusted email addresses to your whitelist. For example, business partners whoseemails you want to receive.
• Configure email aliases on page 67When you have more than one email address, you can add email aliases to your account.
• Change your password on page 67If you want to change your password, you can reset it.
• Configure quarantine report preferences on page 67Specify your preferences to receive quarantine activity reports.
• View email reassignments on page 68View the list of users and quarantine items that you manage.
Configure the blacklistAdd the email addresses to your blacklist that frequently send you spam messages or unwantedemails.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the user interface.
2 Click Your Account | Blacklist.
3 Enter the Email Address, then click Add.
4 Click Apply.
Configure the whitelistAdd trusted email addresses to your whitelist. For example, business partners whose emails you wantto receive.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the user interface.
2 Click Your Account | Whitelist.
3 Enter the Email Address, then click Add.
4 Click Apply.
12 Configuring and using the user interfacesAccess your MQM user account
66 McAfee Quarantine Manager 7.1.1 Product Guide
Configure email aliasesWhen you have more than one email address, you can add email aliases to your account.
For example, assume the company you work for changes your email address and you want your oldemail address to remain active. If you add the old address as an alias, quarantined emails for eitheraddress reside in the same place. When you add an alias, the activation code is sent to the alias emailaddress. The changes show as pending activation and are not operational until you supply theactivation code.
When LDAP authentication is enabled, you can view any email aliases that exist for you in the LDAPserver, but you cannot change or add aliases.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the user interface.
2 Click Your Account | Email Aliases.
3 In the Name field, enter the email alias, then click Add.
4 Enter the Enter the activation code here, then click Activate.
5 Click Apply.
Change your passwordIf you want to change your password, you can reset it.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the user interface.
2 Click Your Account | Settings.
3 In the New password field, enter the password.
Your password must be alphanumeric and contain at least 8 characters. When the authenticationmode is set to LDAP User Accounts, you cannot change the password.
4 In the Confirm new password field, retype the password.
5 Click Apply.
Configure quarantine report preferencesSpecify your preferences to receive quarantine activity reports.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the user interface.
2 Click Your Account | Settings.
3 In Configuration Settings, specify your digest email preferences, then click Apply.
Configuring and using the user interfacesAccess your MQM user account 12
McAfee Quarantine Manager 7.1.1 Product Guide 67
View email reassignmentsView the list of users and quarantine items that you manage.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the user interface.
2 Click Your Account | Email Reassignment.
Manage quarantined emailsView information about quarantined email messages that contain potential threats. You can use thefilters to refine your search, and find the quarantined items with the required information.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Click Quarantined Items, then configure up to three filters.
a Select the comparison criteria.
b Specify a match value using these wildcards:
• * — Matches to any number of characters
• ? — Matches a single character
• \\ — Matches any \ character in the search field
c To use more than one search filter, select the operator, then configure the settings for theremaining search filters.
2 From the All Dates or Date Rangedrop-down lists, select the dates you want.
3 To search quarantined items based on the classification, select the queue.
4 Click Search.
5 In the View Results list, select one or more emails, then choose the action.
To select or deselect all items in the View Results list, use the checkbox on the header row.
Manage quarantined emails from digest emailsTo manage your quarantine emails, use digest email actions.
The digest email is a customizable condensed report of all your quarantined items, blacklist, whitelist,and related quarantine activities. The information in the digest email depends on administratorconfigurations.
Task1 Open the digest email.
2 Complete the digest email actions.
A response message appears for each action, as configured by your administrator.
12 Configuring and using the user interfacesAccess your MQM user account
68 McAfee Quarantine Manager 7.1.1 Product Guide
Manage quarantined emails from HTML attachmentsOpen HTML attachments in email digest notifications to apply actions to quarantined email messages.
Task1 Open the email digest notification, then open the attachment.
2 For each quarantined email message, select an action from the Action drop-down list.
3 Click Apply.
Submit spam samples to McAfee LabsWhen spam email messages are released to your mailbox by mistake and you want to submit it foranalysis, submit them to McAfee Labs.
Administrators review all email messages before they are sent to McAfee Labs for analysis. The moreemail messages that you submit, the more the message filtering improves.
Tasks• Submit spam samples from disks on page 69
Submit spam samples that are saved as .eml files on your computer.
• Submit spam samples with the McAfee Customer Submission Tool on page 69Submit spam samples from Microsoft Outlook using the McAfee Customer Submission Tool.
• Submit spam samples quarantined by mistake on page 70Submit samples of quarantined emails that were sent from trusted sources and categorizedas spam by mistake.
Submit spam samples from disksSubmit spam samples that are saved as .eml files on your computer.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 From your email client, save the email as an .eml file.
2 Log on to the user interface.
3 Click Submit Spam Sample | Browse, then locate and open the .eml file.
4 Click Submit.
Submit spam samples with the McAfee Customer Submission ToolSubmit spam samples from Microsoft Outlook using the McAfee Customer Submission Tool.
Before you beginYour administrator must install the McAfee Customer Submission Tool.
Configuring and using the user interfacesAccess your MQM user account 12
McAfee Quarantine Manager 7.1.1 Product Guide 69
Task1 From Microsoft Outlook, select the emails you want to submit as spam.
2 On the toolbar, click one of these spam options:
• Submit Spam — Submits the selected messages that MQM did not categorize as spam or phish.
• Submit Non-spam — Submits the selected messages that MQM incorrectly categorized as spam orphish.
3 On the Submit Spam or Phish page, select the actions, then click OK.
Submit spam samples quarantined by mistakeSubmit samples of quarantined emails that were sent from trusted sources and categorized as spamby mistake.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the user interface.
2 Select Quarantined Items, then select the email messages quarantined by mistake.
3 From the More Actions drop-down list, select Submit as Non-Spam, then click Go.
Use the mobile interface to manage quarantined emailsAccess the mobile user interface to manage quarantined email messages.
Access the mobile user interfaceYou can access the user interface on your mobile device from email digest notifications.
Task1 From your mobile device, navigate to your email inbox.
2 Open the mobile digest notification, then open the mobile user interface.
• On HTML mobile digest notifications, tap Manage Online.To delete all quarantined email messages, click Delete All.
• On plain text mobile digest notifications, tap url.
The format of the mobile digest notification depends on your mail server and email clientconfiguration.
12 Configuring and using the user interfacesUse the mobile interface to manage quarantined emails
70 McAfee Quarantine Manager 7.1.1 Product Guide
Sort the list of quarantined email messagesOrganize the list of quarantined email messages by date or sender.
Task• On the mobile user interface, tap the Sort by drop-down list, then tap one of these options:
• Date — Organizes the list in descending or ascending order by the date of the quarantined emailmessage.
• Sender — Organizes the list in descending or ascending order by the sender of the quarantinedemail message.
A yellow circle appears next to the current selection.
View quarantined email messagesView the content of individual quarantined email messages.
Task1 On the mobile user interface, tap the quarantined email message subject.
A browser window opens that displays the quarantined email message information.
2 To expand the quarantined email message details, tap the arrow that appears to the right of theFROM email address.
3 To view the remaining quarantined email messages, choose one of these navigation pane options:
• Tap the left and right arrows.
• Tap the current quarantined email message number, then enter the number for the quarantinedemail message you want to see.
Apply actions to quarantined email messagesFrom your mobile device, you can add sender email addresses to the blacklist or whitelist, and deleteor release quarantined email messages.
Task1 On the mobile user interface, select an available action for each quarantined email message, then
tap Apply.
The amount of quarantined email messages you apply actions to appear next to Apply.
• To delete all quarantined email messages, click or tap Delete All, then tap Delete on theConfirm Delete window.
• Some actions might be disabled. To enable all actions, contact your administrator.
• When you select an action that applies to multiple quarantined email messages, theactions for the other quarantined email messages become disabled.
• By default, you can release only spam email messages to your inbox. To release allemail message types, contact your administrator.
2 On the Your quarantine was updated page, tap the action drop-down lists to view the completed actions.
To return to the list of quarantined email messages, tap quarantined messages remaining.
Configuring and using the user interfacesUse the mobile interface to manage quarantined emails 12
McAfee Quarantine Manager 7.1.1 Product Guide 71
12 Configuring and using the user interfacesUse the mobile interface to manage quarantined emails
72 McAfee Quarantine Manager 7.1.1 Product Guide
13 Configuring blacklists and whitelists
Use blacklists and whitelists to control access to your email inbox.
Contents Levels of blacklists and whitelists Export blacklists and whitelists Import blacklists and whitelists Manage blacklists and whitelists
Levels of blacklists and whitelistsBlacklists are lists of email addresses that users do not want to receive emails from, and whitelists arelists of email addresses that users want to receive emails from.
Users create personal blacklists and whitelists, which are used in addition to the global or groupblacklists that administrators maintain. Email messages from blacklisted addresses are blocked orquarantined. Emails sent to users are matched against blacklists. When matches are found, users donot receive the emails.
Email messages from whitelisted addresses are considered non-spam. Emails sent to users arematched against whitelists. When matches are found, users receive the emails. Messages fromwhitelisted email addresses are not subject to phish or spam scanning, but are subject to other typesof scanning.
In MQM, blacklists and whitelists are organized into three levels:
• Global — Blacklists or whitelists are maintained globally for the entire organization.
• Group — Blacklists or whitelists are maintained for each user group defined on connected McAfeeproducts.
• User — Blacklists or whitelists are maintained for individual users.
You can also add blacklists and whitelists sets of users, and to products connected to MQM.
Export blacklists and whitelistsExport user configurations, group blacklists and whitelists, and global blacklists and whitelists.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Blacklists and Whitelists | Import and Export.
13
McAfee Quarantine Manager 7.1.1 Product Guide 73
3 In Export, select the Export Type.
When you select User Configuration, select the domains from the Select Domains drop-down list.
When you select Group B/W List, select the groups from the Groups drop-down list.
4 Select the Domain, then click Export Configuration
5 On the File Download window, click Save.
The default file name is McAfeeBWList.xml.
Import blacklists and whitelistsTo use existing blacklists and whitelists in MQM, you must import them.
You can also import the global blacklist and whitelist.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Blacklists and Whitelists | Import and Export.
3 In Import, click Browse.
4 Navigate to the blacklist or whitelist, then click Open.
5 Select Merge User configuration.
When you deselect Merge User configuration, the earlier user configuration is overwritten. You can alsouse the Merge User configuration option to merge aliases and reassign users.
6 Click Import Configuration.
MQM automatically detects the import file type and updates the database.
Manage blacklists and whitelists Add and remove email addresses from blacklists and whitelists.
You can also define user groups as lists of email addresses or references to existing user groups.
• Only Super Administrators and Operators can change global blacklists. DomainAdministrators have view access to global blacklists. When you add addresses groupblacklists, the addresses are also added to the connected McAfee product groupblacklists.
• Email addresses added to blacklists or whitelists are pushed to connected McAfeeproducts at regular intervals.
13 Configuring blacklists and whitelistsImport blacklists and whitelists
74 McAfee Quarantine Manager 7.1.1 Product Guide
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Blacklists and Whitelists | Organization.
3 To manage blacklists, click the Blacklists tab.
a In the Entry field, enter the email address that you want to blacklist.
b From the List Type drop-down list, select the email address list type, then click Search.
c Select the email addresses you want to add to the blacklist, then click Add.
d On the Entry successfully added to the user's blacklist window, click OK.
4 To manage whitelists, click the Whitelists tab.
a In the Entry field, enter the email address that you want to whitelist.
b From the List Type drop-down list, select the email address list type, then click Search.
c Select the email addresses you want to add to the whitelist, then click Add.
d On the Entry successfully added to the user's whitelist window, click OK.
Configuring blacklists and whitelistsManage blacklists and whitelists 13
McAfee Quarantine Manager 7.1.1 Product Guide 75
13 Configuring blacklists and whitelistsManage blacklists and whitelists
76 McAfee Quarantine Manager 7.1.1 Product Guide
14 Reporting
Use dashboards to identify and analyze quarantine data, and report your findings using reports.
Contents View quarantined data on the dashboard Generate multi-dimensional reports Generate Top 10 reports Generate advanced graphical reports Download a report
View quarantined data on the dashboardThe dashboard provides a high-level overview of MQM quarantined items.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Dashboard | Quarantined.
3 From the Domain(s) drop-down list, select the domain that contains the quarantined items you wantto view.
4 Click the graph icon next to the Queue Name that you want to add to the dashboard graph.
The graph automatically updates based on the selections you make.
Generate multi-dimensional reportsGenerate graphical reports that display statistics data in bar graphs.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Dashboard | Graphical Reports | Reports.
3 Configure the options, then click Generate.
14
McAfee Quarantine Manager 7.1.1 Product Guide 77
Generate Top 10 reportsTo view and analyze quarantined email message data, generate graphical reports.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Dashboard | Graphical Reports | Default.
3 Configure the available options, then click Search.
Generate advanced graphical reportsView quarantined items in a detailed graph, and find detections with filters.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Dashboard | Graphical Reports | Advanced.
3 Select the Graph type.
4 Configure up to three search filters.
5 Specify the time range.
6 Click Search.
Download a reportDownload and save graphical reports as PDF or HTML files.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Dashboard | Graphical Reports | Reports.
3 Configure the report settings, then click Generate.
4 To convert the graphical report into a PDF file, click the PDF icon.
a To display the report as a PDF, click Open.
b To save the report as a PDF, click Save.
5 To convert the graphical report into an HTML file, click the Internet Explorer icon.
a To open the .zip file, click Open.
b To save the report, click Save.
14 ReportingGenerate Top 10 reports
78 McAfee Quarantine Manager 7.1.1 Product Guide
MaintenanceMaintain the MQM components.
Chapter 15 Maintaining the serverChapter 16 Maintaining the databaseChapter 17 Uninstalling MQM and components
McAfee Quarantine Manager 7.1.1 Product Guide 79
15 Maintaining the server
Manage server configurations, create database backups, release emails in bulk, and create McAfeeconnected products reassignment maps.
Contents View log entries Configure the diagnostics settings Configure communication between MQM and other products Configure advanced settings Configure the status email report settings Reassign quarantined email releases to different products Release emails in bulk
View log entriesView the health of the MQM server using event, warning, and error log entries.
Use the search filters to find log entries. Find information about an initiated or ended task, connectedor disconnected product, or an error regarding failure to push configuration settings to a product.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Product Log.
3 Configure the search settings.
a Configure up to three filters.
b Specify the time range.
4 Click Search.
Configure the diagnostics settingsSpecify the type of logging required, the level of debug tracing, and configure the error reportsettings.
15
McAfee Quarantine Manager 7.1.1 Product Guide 81
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Diagnostics.
By default, events are logged in the product log.
3 On each tab, configure the available settings, then click Apply.
Configure communication between MQM and other productsConfigure the settings for MQM to communicate with McAfee products, LDAP servers, and mailservers.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Communications | Default, then configure the options.
3 In McAfee Products, enter the Port Number.
4 In Mail Server, specify the details of the SMTP server that communicates with users.
5 Click LDAP Server, then specify the details of the LDAP server.
You can configure multiple LDAP servers.
6 Click Advanced, then configure the available options.
See also Configure certificates for secure SMTP communication on page 42
Configure advanced settingsConfigure the MQM advanced preferences. You can configure the preferences for McAfee ePO events,McAfee Labs submissions, session timeout, and dashboard refresh intervals.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Advanced Settings | Settings.
The Settings tab is only available to Super Administrators and Operators. If you log on as a DomainAdministrator, the tab does not appear.
3 Expand each section and configure the options.
4 Click Apply.
5 Restart the MQM service.
15 Maintaining the serverConfigure communication between MQM and other products
82 McAfee Quarantine Manager 7.1.1 Product Guide
Configure the status email report settingsPreview and customize the status email that is sent to administrators.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Advanced Settings | Status Report Email.
3 Enter the status email report information, then click Edit.
4 On the Email content HTML code page, enter the details you want to appear in the status email,then click Save.
For example, to delete counter information, delete '%COUNTER_LIST%'.
Reassign quarantined email releases to different productsEnable releases of quarantined emails of one McAfee product through another. MQM releases an emailthrough the McAfee product that quarantined the email.
Reassign quarantined email releases to different products when a McAfee product is upgraded orunavailable.
Only Super Administrators and Operators can reassign McAfee Product IDs. If you log on as a DomainAdministrator, this option does not appear.
When McAfee Email and Web Security or McAfee Email Gateway appliance IDs change, you can releasethe old quarantined emails using the old appliance ID.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Advanced Settings | McAfee Products Operations.
3 Select Enable McAfee Product Reassignment.
4 In the Old McAfee Product ID field, enter the McAfee product ID of the quarantined items.
5 In the New McAfee Product ID field, enter the McAfee product ID that executes the release.
6 Click Reassign.
The emails are sent to the reassigned McAfee product.
Release emails in bulkDefine parameters to release emails in bulk. You can release more than 100 emails.
Maintaining the serverConfigure the status email report settings 15
McAfee Quarantine Manager 7.1.1 Product Guide 83
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Settings and Diagnostics | Advanced Settings | McAfee Products Operations.
3 In Bulk Release, configure the search settings.
a To search for the emails you want to release, configure up to three search filters.
b Specify the time range.
c Select the Domain.
4 Click Release.
See also Search quarantined items on page 57
15 Maintaining the serverRelease emails in bulk
84 McAfee Quarantine Manager 7.1.1 Product Guide
16 Maintaining the database
Maintain the MQM database.
Contents Calculate the size of the database Optimize the MariaDB for MQM Optimize the Microsoft SQL Server database Back up the database
Calculate the size of the database Collect database size and disk space data.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the administrator interface.
2 Click Dashboard | Graphical Reports | Quarantined | Database Information.
3 Click Get Database Size.
If the database size is large, it might take some time to retrieve the data.
Optimize the MariaDB for MQMTo enhance the performance of MariaDB for MQM, you must optimize the database.
Task1 From the command prompt, go to the bin directory in the MariaDB for MQM installation folder.
2 To log on to MariaDB for MQM, execute the following command:
mysql --user=<database user name> --password=<database password> <database name>For example:
mysql --user=scott --password=tiger mqm
3 To optimize the database. execute the following command:
call pOptimize();When the optimization is complete, the MariaDB for MQM prompt appears.
4 To exit MariaDB for MQM, execute the following command:
quit
16
McAfee Quarantine Manager 7.1.1 Product Guide 85
5 From the MariaDB for MQM installation folder, locate and edit the my.ini file.
6 Change the following parameters with the specified values:
Innodb_buffer_pool_size = 1G Innodb_Log_File_Size = 512M Innodb_Thread_Concurrency = 512
7 From the services console, restart the MariaDB for McAfee Quarantine Manager service.
Optimize the Microsoft SQL Server databaseTo enhance the performance of the Microsoft SQL Server database, you must optimize the database.
Task
1 Start SQL Server Management Studio.
2 Right-click the mqm database and select Properties.
3 In the left pane, click Files and change the following parameters in the right pane.
Initial size for Data file = (~30 GB)Autogrowth for Data file = 1 GBInitial size for log file = 1 GBAutogrowth for Log file = 512 MB
4 In the left pane, click Options, then change the Recovery model to Simple in the right pane.
5 Right-click Database Instance and select Properties.
6 In the left pane, click Advanced, then change the Network Packet Size to 32767 in the right pane.
7 Close SQL Server Management Studio.
Back up the database When a data loss occurs, you can restore MQM using a backup the existing database.
Tasks
• Database backup settings on page 87The database backup consists of several MQM settings.
• Back up the MySQL database on page 87To upgrade MQM, you must back up the MySQL database.
• Back up the Microsoft SQL Server database on page 87Back up the MQM database stored in Microsoft SQL server.
• Restore the Microsoft SQL Server database on page 88In case of data loss, restore the MQM database from an Microsoft SQL Server databasebackup.
• Back up MariaDB for MQM on page 88Back up your existing MariaDB for MQM, which comes packaged with MQM.
• Restore MariaDB for MQM on page 89In case of data loss, restore the MariaDB for MQM backup.
• Schedule a MariaDB for MQM backup task on page 89Schedule a MariaDB for MQM backup, which comes packaged with MQM.
16 Maintaining the databaseOptimize the Microsoft SQL Server database
86 McAfee Quarantine Manager 7.1.1 Product Guide
Database backup settingsThe database backup consists of several MQM settings.
Table 16-1 Database backup settings
Setting Description
MQM user account Saves user information and email aliases.
Blacklists and whitelists Saves the global blacklists and whitelists maintained by administrators.
Dashboards Saves the report, MQM server, and quarantined item dashboard data.
Quarantined data Saves the quarantined data MQM stores in the database.
Back up the MySQL databaseTo upgrade MQM, you must back up the MySQL database.
Task1 Click Start | Run, type services.msc, then click OK.
2 From the Services window, stop the MQM service.
3 From the command prompt, go to the bin directory of the MySQL installation folder.
4 Execute the following command:
mysqldump --complete-insert -n --add-drop-table -R <Database> -u<DatabaseUser> -p<DatabaseUserPassword> -r"<CompletePathofBackupFile>" --max-allowed-packet=1024MFor example, if these are your variables:
• Database name — mqm
• User name — root
• Password — dbase
• Backup location — C:\Backups\MQM\MQMBackup.sql
Use the following command:
mysqldump --complete-insert -n --add-drop-table -R mqm -u root -pdbase -r "C:\Backups\MQM\MQMBackup.sql" --max-allowed-packet=1024M
Back up the Microsoft SQL Server databaseBack up the MQM database stored in Microsoft SQL server.
Task1 Click Start | Run, type services.msc, then click OK.
2 From the Services window, stop the MQM service.
3 Log on to Microsoft SQL Server Management Studio.
4 Navigate through the databases and select the MQM database.
5 Right-click the database and select Tasks | Back Up.
Maintaining the databaseBack up the database 16
McAfee Quarantine Manager 7.1.1 Product Guide 87
6 On the Backup Database screen, configure the settings.
a From the Backup type drop-down list, select Full.
b From the Backup components drop-down list, select Database.
c From the Backup set will expire drop-down list, select After | 0.
d From the Destination drop-down list, select Disk.
e If you want to change the default backup location, click Add, then browse to the location.
f To save the backup file, click OK.
Restore the Microsoft SQL Server databaseIn case of data loss, restore the MQM database from an Microsoft SQL Server database backup.
Task1 Copy the backup file to the destination system.
2 On the destination system, log on to Microsoft SQL Server Management Studio.
3 Create, then select the database.
4 Right-click the database, then select Tasks | Restore.
5 On the Restore Database screen, configure the settings.
a From the To database drop-down list, select the database.
b From the Source for restore drop-down list, select From device and browse to the backup file (.bak) torestore.
Back up MariaDB for MQMBack up your existing MariaDB for MQM, which comes packaged with MQM.
Task1 Click Start | Run, type services.msc, then click OK.
2 From the Services window, stop the MQM service.
3 From the command prompt, go to the bin directory of the MariaDB for MQM installation folder.
4 Execute the following command:
mysqldump --complete-insert -n --add-drop-table -R <Database> -u<DatabaseUser> -p<DatabaseUserPassword> -r"<CompletePathofBackupFile>" --max-allowed-packet=1024MFor example, if the database name is mqm, user name is root, password is dbase, and backuplocation is C:\Backups\MQM\MQMBackup.sql, use the following command:
mysqldump --complete-insert -n --add-drop-table -R mqm -u root -pdbase -r "C:\Backups\MQM\MQMBackup.sql" --max-allowed-packet=1024M
16 Maintaining the databaseBack up the database
88 McAfee Quarantine Manager 7.1.1 Product Guide
Restore MariaDB for MQMIn case of data loss, restore the MariaDB for MQM backup.
Task1 Click Start | Run, type services.msc, then click OK.
2 From the Services window, stop the MQM service.
3 From the command prompt, go to the bin directory of the MariaDB for MQM installation folder.
4 Execute the following command: mysql -e "source <CompletePathofBackupFile>" -u<DatabaseUser> -p<DatabaseUserPassword> <Database>For example, if the database name is mqmv7, the user name is root, the password is dbase, andthe backup location is C:\Backups\MQM\MQMBackup.sql, use the following command: mysql -e"source C:\Backups\MQM\MQMBackup.sql" -u root -pdbase mqmv7
Schedule a MariaDB for MQM backup taskSchedule a MariaDB for MQM backup, which comes packaged with MQM.
Task1 Create a batch file with the following information:
md c:\backups\%DATE%\cd c:\backups\%DATE%\<InstallPath>\bin\mysqldump.exe --complete-insert -n --add-drop-table -R<database-name> -u <username> -p<password> -r "MQMBackup.sql"
2 Select Start | Control Panel | Scheduled Tasks | Add Scheduled Task.
3 Click Next and browse for the batch file.
4 Click Next.
5 To schedule the task and complete the wizard, follow the on-screen instructions.
Maintaining the databaseBack up the database 16
McAfee Quarantine Manager 7.1.1 Product Guide 89
17 Uninstalling MQM and components
To remove MQM from your computer, you must remove the MQM software and MariaDB for MQM.
Contents Uninstall the MQM software Uninstall MariaDB for MQM Uninstall MQM from McAfee ePO
Uninstall the MQM softwareRemove the MQM software from the server it is installed on.
Task
1 Click Start | Settings | Control Panel | Add or Remove Programs.
2 Select McAfee Quarantine Manager, then click Remove.
3 (Optional) Select Also Remove MQM data to remove the database created for storing quarantined items.
Selecting this option deletes the MQM database permanently.
Tasks• Uninstall a patch on page 91
If you experience issues with a patch, you can uninstall it, and return the software to aprevious state.
Uninstall a patchIf you experience issues with a patch, you can uninstall it, and return the software to a previous state.
We recommend uninstalling a patch only when absolutely necessary.
Task
1 Open the Services console, and stop the MQM service.
2 Copy and replace the directory files.
a Navigate to the MQM Installation Folder\Backup\ directory and copy the files.
b In the MQM Installation Folder directory, paste the files in the appropriate folders.
c Delete the Backup folder.
3 Open the Windows Registry Editor and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee|Quarantine Manager\SystemState\hfs.
17
McAfee Quarantine Manager 7.1.1 Product Guide 91
4 Delete the Patch1 registry key.
5 Open the Services console, and start the MQM service.
Uninstall MariaDB for MQMRemove the MariaDB for MQM utility from the computer where it is installed.
Task
1 Click Start | Settings | Control Panel | Add or Remove Programs.
2 Select MariaDB for McAfee Quarantine Manager, then click Remove.
Uninstall MQM from McAfee ePORemove the MQM package, extensions, and MariaDB for MQM component from the client computersand McAfee ePO repository.
Tasks
• Remove MQM from client computers on page 92To remove MQM from client computers, use McAfee ePO.
• Remove the packages on page 93Uninstall the MQM packages from McAfee ePO.
• Remove the extensions on page 93Remove the MQM extensions from McAfee ePO.
Remove MQM from client computersTo remove MQM from client computers, use McAfee ePO.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Systems | System Tree.
3 Select the system, then click Actions | Agent | Modify Tasks on a Single System.
4 Select Actions | New Task.
5 On the Client Task Builder page, add a name and notes, select Product Deployment from the Typedrop-down list, then click Next.
6 In Configuration, configure the settings, then click Next.
a For Target Platforms, select Windows.
b For Products & Components, select McAfee Quarantine Manager 7.1.x.x.
c For Action, select Remove.
d Select the language.
e If you remove only one client computer, deselect Run at every policy enforcement (Windows only).
17 Uninstalling MQM and componentsUninstall MariaDB for MQM
92 McAfee Quarantine Manager 7.1.1 Product Guide
7 To view a summary of the task, click Next, then click Save.
8 Send the agent wake-up call.
Remove the packagesUninstall the MQM packages from McAfee ePO.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Remove the MQM software package.
a Click Menu | Software | Master Repository.
b In the McAfee Quarantine Manager row, click Delete.
3 Remove the MariaDB for MQM package.
a Click Menu | Software | Master Repository.
b In the MariaDB for McAfee Quarantine Manager row, click Delete.
Remove the extensionsRemove the MQM extensions from McAfee ePO.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Software | Extensions.
3 Remove the MQM extension.
a From the Extensions pane, click McAfee | McAfee Quarantine Manager.
b Locate the McAfee Quarantine Manager extension, then click Remove.
c On the Remove Extension page, select Force removal, bypassing any checks or errors, then click OK.
4 Remove the MQM reports extension.
a From the Extensions pane, click McAfee | McAfee Quarantine Manager.
b Locate the MQM Reports extension, then click Remove.
c On the Remove Extension page, select Force removal, bypassing any checks or errors, then click OK.
5 Remove the MQM Help extension.
a From the Extensions pane, click McAfee | Help Content.
b Locate the MQM Help extension, then click Remove.
c On the Remove Extension page, select Force removal, bypassing any checks or errors, then click OK.
Uninstalling MQM and componentsUninstall MQM from McAfee ePO 17
McAfee Quarantine Manager 7.1.1 Product Guide 93
17 Uninstalling MQM and componentsUninstall MQM from McAfee ePO
94 McAfee Quarantine Manager 7.1.1 Product Guide
Index
Aabout this guide 7actions, quarantined items 58
administrator interface, rebranding 44
administrator typesdomain administrator 18
domain administrator alias 18
operator 18
super administrator 17
super administrator alias 17
administrators, using LDAP groups 43
advanced graphical reports 78
advanced settings 82
database 82
email notifications related 82
miscellaneous 82
status report email 83
submission to McAfee Labs 82
aliases, adding 67
authentication modes 18
Bbacking up the database, MariaDB for MQM 88
backing up the database, MySQL 87
blacklistsconfiguring 73
managing 66, 73, 74
types 73
bulk email, releasing 83
Ccalculate, database size 85
catch exceptions 81
centralized policy management, ePolicy Orchestrator 33
certificate authority 42
certificates, configuring 42
clusters, configuring on Windows servers 31
command-line argumentsMariaDB for McAfee Quarantine Manager 35
McAfee Quarantine Manager 36
communications, configuring 82
configurationadvanced settings 82
configuration (continued)blacklists 73
cluster 31
database 41
database settings 82
diagnostics 81
email notifications 82
high availability 15
MariaDB Linux 28
MariaDB Windows 28
McAfee Email and Web Security Appliance 41
McAfee Security for Microsoft Exchange 41
miscellaneous settings 82
reports 39
status report email 83
submission to McAfee Labs 82
whitelists 73
configuration push interval 82
configuration settings, changing 67
configurationscertificates 42
communications 82
LDAP server 82
conventions and icons used in this guide 7counters 77
custom queues 77
Ddashboard 77
dashboard counters, viewing 77
data leakage prevention 77
database backupcreating 86
settings 87
database configuration, Microsoft SQL Server 27
database settings, configuring 82
database size, calculating 85
databases, configuring 41
databases, supported 21
deploymentMariaDB for McAfee Quarantine Manager 35
McAfee Agent 34
McAfee Quarantine Manager 36
packages and extensions 34
McAfee Quarantine Manager 7.1.1 Product Guide 95
diagnostics 81
diagnostics settings, configuring 81
digest email 68
digest emailsmanaging quarantine from 68
directory server groups 18
disks, submitting samples from 69
distribution lists, registering 55
documentationaudience for this guide 7product-specific, finding 8typographical conventions and icons 7
domain administrator aliases 18
domain administratorsadministrator type 18
assigning domains 50
domain configurations, changing 51
domainsexporting 50
importing 50
domains, creating 49
Eemail digest task, creating 59
email digest tasks, creating 40
email notifications, configuring 82
emails, view reassignments 68
encryption compliance 77
ePO, see McAfee ePO 34, 37
ePolicy Orchestratorconfiguring reports 39
creating policies 38
enforcing policies 38
installing the software using 33
integration 33
setting policies within 37
uninstalling the software using 92
error reports 81
extensionsdeploying 34
installation 37
Ffalse positives and negatives 77
Ggetting started 9graphical reports, advanced 78
group maps 51
Hhelp extensions, installing 37
high availability, configuring 15
Iinstallation
clusters 15
extensions 37
help extension 37
MariaDB 27
policy extensions 37
product files 29
reports extension 37
VMware support 13
interfaces, rebranding 44
item push interval 82
LLDAP groups, as administrators 43
LDAP server, configuring 82
logos, adding your company logo 44
logs 81
Mmagnify graphs 77
managequarantine 68
managementblacklists 66, 74
domains 49
quarantined items 57
user submissions 58, 63
whitelist 66
whitelists 74
management software, ePolicy Orchestrator 33
MariaDBinstalling 27
Linux, configuring 28
Windows, configuring 28
MariaDB for McAfee Quarantine Managerchecking in the package 34
command-line arguments 35
deploying on client computers 35
removing from client computers 92
removing the package 93
uninstalling 92
MariaDB for MQM, backing up and restoring 88
maximum communication retry 82
McAfee Agent, deploying 34
McAfee Email and Web Security Appliance, configuring 41
McAfee ePOdeploying packages and extensions 34
install extensions 37
managing Quarantine Manager 15
McAfee Product reassignment map, creating 83
McAfee products, supported 21
McAfee Quarantine Managerchecking in the package 34
Index
96 McAfee Quarantine Manager 7.1.1 Product Guide
McAfee Quarantine Manager (continued)command-line arguments 36
deploying on client computers 36
installing 29
integrating with ePolicy Orchestrator 33
managing with McAfee ePO 15
rebranding 44
removing from client computers 92
removing the package 93
removing the product extension 93
testing 41
uninstalling 91
upgrading 29
McAfee Quarantine Manager, managing quarantined items 9McAfee Security for Microsoft Exchange, configuring 41
McAfee ServicePortal, accessing 8memory 21
Microsoft Outlook, submitting samples from 69
Microsoft SQL databasebacking up and restoring 87
restoring 88
Microsoft SQL Server, configuring 27
miscellaneous settings, configuring 82
mobile user interface, managing quarantined emails from 70
multi-dimensional reports, generating 77
MySQL, backing up and restoring 87
Ooperating systems, supported 21
operator, administrator types 18
Ppackages, deploying 34
packers 77
passwords, changing 67
patch, uninstall 91
phish 77
policies, ePolicy Orchestrator 38
policy extensions, installing 37
potentially unwanted programs 77
pre-installation 27
product files, downloading 28
product logs 81
product logs, viewing 81
purge tasks, creating 40
push interval, configuring 42
QQuarantine Manager accounts 18
quarantine messagesdelete 68
delete blacklist 68
delete whitelist 68
release 68
quarantine messages (continued)retain 68
quarantined itemsmanaging 57
submitting samples 70
quick search, performing 57
Rreassignment map 83
reportsconfiguring 39
downloading 78
generating 78
multi-dimensional 77
reports extension, installing 37
requirements 21
restoring the database, MariaDB for MQM 89
restricted rights, create administrators with 44
Ssample submissions 69
scheduled backup task, MariaDB for MQM 89
search results, user submissions 58, 63
searches, quarantined items 57
server administration 17
ServicePortal, finding product documentation 8settings, advanced 82
single sign on via http header 18
SMTP communication 42
spam samples, submitting 69
spam, data 77
statistics 77
status email task, creating 60
status email tasks, creating 40
status report emails, configuring 83
status reports 60
submissions to McAfee Labs, configuring 82
supported upgrades 29
system requirements 21
Ttechnical support, finding product information 8thread pool size 82
top 10 reports 78
transport layer security 42
Uunwanted content 77
upgrades, supported 21, 29
user accounts, configuring 66
user accounts, creating 55
user configurations, changing 56
user interfaceaccessing 65
Index
McAfee Quarantine Manager 7.1.1 Product Guide 97
user submissions 63
user submissions, managing 58, 63
user synchronization 60
user synchronization tasks, creating 40, 60
usersimporting 54
importing from a file 54
users, importing from LDAP servers 53
users, registering automatically 53
Vview search results, user submissions 63
viruses 77
VMware 13
Wweb-based user interface
managing quarantined messages from 68
whitelistsconfiguring 73
managing 66, 73, 74
types 73
Windows components, required 21
Index
98 McAfee Quarantine Manager 7.1.1 Product Guide