McAfee Client Proxy 2.3.0 Product Guide (For use with ... · For use with McAfee ePolicy Orchestrator Cloud. ... Important advice to protect your computer system, software ... you

Product Guide

McAfee Client Proxy 2.3.0For Windows and Mac OS

For use with McAfee ePolicy Orchestrator Cloud

COPYRIGHT

© 2016 Intel Corporation

TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee Client Proxy 2.3.0 Product GuideFor Windows and Mac OS

Contents

Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Product overview 7What is the Web Protection hybrid solution? . . . . . . . . . . . . . . . . . . . . . . . 7How Client Proxy works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Client Proxy metadata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Deployment options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Integration with Endpoint Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2 Deploying Client Proxy 11Client computer requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Deploy the client software package . . . . . . . . . . . . . . . . . . . . . . . . . . 12

3 Managing Client Proxy policies 13Configuring the policy areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

How Client Proxy manages the proxy server list . . . . . . . . . . . . . . . . . . 13Configure the proxy server list . . . . . . . . . . . . . . . . . . . . . . . . . 14Client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Configure the client settings . . . . . . . . . . . . . . . . . . . . . . . . . . 15Configure the bypass list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Configure the block list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Assign the policy to end-user computers . . . . . . . . . . . . . . . . . . . . . . . . 17Export the policy to an .xml or .opg file . . . . . . . . . . . . . . . . . . . . . . . . . 17Policy Catalog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

4 Maintaining Client Proxy 19Considerations when changing the shared password . . . . . . . . . . . . . . . . . . . . 19Uninstall the Client Proxy software . . . . . . . . . . . . . . . . . . . . . . . . . . 19Working with end users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

View information about Client Proxy on a Windows-based computer . . . . . . . . . . 20View information about Client Proxy on an OS X computer . . . . . . . . . . . . . . 20Suspending policy enforcement . . . . . . . . . . . . . . . . . . . . . . . . . 21

Index 23

McAfee Client Proxy 2.3.0 Product GuideFor Windows and Mac OS

3

Contents


Preface

This guide provides the information you need to work with your McAfee product.

Contents About this guide Find product documentation

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

ConventionsThis guide uses these typographical conventions and icons.

Italic Title of a book, chapter, or topic; a new term; emphasis

Bold Text that is emphasized

Monospace Commands and other text that the user types; a code sample; a displayed message

Narrow Bold Words from the product interface like options, menus, buttons, and dialog boxes

Hypertext blue A link to a topic or to an external website

Note: Extra information to emphasize a point, remind the reader of something, orprovide an alternative method

Tip: Best practice information

Caution: Important advice to protect your computer system, software installation,network, business, or data

Warning: Critical advice to prevent bodily harm when using a hardware product


5

Find product documentationOn the ServicePortal, you can find information about a released product, including productdocumentation, technical articles, and more.

Task1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

2 In the Knowledge Base pane under Content Source, click Product Documentation.

3 Select a product and version, then click Search to display a list of documents.

PrefaceFind product documentation


https://support.mcafee.com

1 Product overview

McAfee®

Client Proxy is endpoint client software for Microsoft Windows and Mac OS X that is anessential component of the McAfee

®

Web Protection hybrid deployment solution. The Client Proxytechnology allows you to apply your organization's web security policy to a computer, whether it islocated inside or outside your network.

Contents What is the Web Protection hybrid solution? How Client Proxy works Deployment options Integration with Endpoint Security

What is the Web Protection hybrid solution? The hybrid solution allows organizations to switch between the network-based and cloud-basedsecurity solutions provided by McAfee

®

Web Gateway and McAfee®

Web Gateway Cloud Service(McAfee

®

WGCS), respectively.

Web gateways and other appliances do not protect equipment after it leaves your organization'snetwork. For example, when users in your organization take laptops on business trips or work fromhome, they leave the network's secure zone.

Client Proxy is installed on the computers of end users in your organization. Using thelocation-awareness settings that you configure, Client Proxy determines whether the computers arelocated inside or outside your network or are connected to your network by VPN.

In a hybrid deployment, Client Proxy lets web requests sent by users working inside the network orconnected to the network by VPN pass. These requests are automatically redirected for filtering to aWeb Gateway appliance installed on the network. Web requests sent by users working outside thenetwork, on the other hand, are redirected to McAfee WGCS for filtering.

For more information about the hybrid solution, see the McAfee Web Protection Hybrid DeploymentGuide.

1


7

How Client Proxy worksUsing location-awareness settings, Client Proxy protects the computers of end users in yourorganization, whether they are located inside or outside your network.

Client Proxy software redirects, blocks, or lets pass web traffic and network communications accordingto the policy you configure and location of the end-user computer.

Figure 1-1 Client Proxy workflow

When an end user is working inside your organization's network, Client Proxy software:1 Recognizes that the end user is working inside your organization's network

2 Remains passive, allowing web traffic and network communications to pass to Web Gateway forfiltering

When an end user is working outside your organization's network, Client Proxy software:1 Recognizes that the end user is working outside your organization's network

2 Redirects all web traffic and network communications to the McAfee WGCS service

1 Product overviewHow Client Proxy works


Client Proxy metadataWhen the Client Proxy software redirects HTTP/HTTPS traffic, it adds metadata to the requests.

Proxy server administrators configure and apply policies based on the values in the metadata:

• Authentication tokens • User ID

• Authentication version • User groups

• Customer ID • Client IP address

• Tenant ID • Original destination IP address

The authentication version is the version of the metadata that Client Proxy shares with the proxy server.

Deployment optionsClient Proxy consists of server and client software that is deployed using the McAfee ePO or McAfeeePO Cloud management platform. Deployment details depend on which management platform is used.

Server software

When Client Proxy is deployed using McAfee ePO Cloud, the server software comes installed on theplatform and does not need to be installed by an administrator.

Client software

The client software is checked in to the McAfee ePO Cloud Master Repository as a package and thendeployed to the client computers in your organization. Client software and computers are also calledendpoint software and computers, respectively. Endpoint computers are sometimes called theendpoint.

When Client Proxy is deployed using McAfee ePO Cloud, the client package is already checked in to theMaster Repository and only needs to be deployed to the endpoint.

Deployment using McAfee ePO versus McAfee ePO Cloud

This table summarizes the differences between deploying Client Proxy using the on-premise and cloudversions of McAfee ePO.

Managementplatform

Server software(extension)

Client software (package)

McAfee ePO The administrator installs theextension software on theplatform.

The administrator checks in the client packageto the Master Repository and then deploys thepackage to the endpoint.

McAfee ePO Cloud The extension softwarecomes installed on theplatform.

The client package is already checked in to theMaster Repository. The administrator onlyneeds to deploy the package to the endpoint.

For more information about deploying Client Proxy using McAfee ePO, see the McAfee Client ProxyProduct Guide for McAfee ePolicy Orchestrator .

Product overviewDeployment options 1


9

Integration with Endpoint SecurityClient Proxy is available as a standalone product or integrated with Endpoint Security.

When integrated, Client Proxy joins the Endpoint Security family, including:

• McAfee® Endpoint Security Threat Prevention

• McAfee® Endpoint Security Firewall

• McAfee® Endpoint Security Web Control

Whether standalone or integrated, Client Proxy is managed using McAfee ePO Cloud and themanagement tasks are the same. When Client Proxy is integrated with Endpoint Security:

1 The client software package is deployed to the endpoint and installed as a module on the EndpointSolution Platform.

2 The administrator can configure Web Control so that it is disabled while Client Proxy is installed andrunning.

On a Windows-based computer, you can view the integration status of Client Proxy by opening theAbout McAfee Client Proxy window. If EspMode is set to ON, Client Proxy is installed and running on theEndpoint Security Platform.

1 Product overviewIntegration with Endpoint Security


2 Deploying Client Proxy

Using McAfee®

ePolicy Orchestrator®

Cloud (McAfee®

ePO™

Cloud), deploy the Client Proxy software tothe computers of end users in your organization.

Contents Client computer requirements Deploy the client software package

Client computer requirementsClient Proxy software runs on the client computers in your organization. Before deploying the softwarefrom McAfee ePO Cloud to the client computers, verify that the client computers meet theserequirements.

Hardware requirements

Verify that the client computers meet these hardware requirements:

• RAM — 1 GB minimum (2 GB recommended)

• Hard disk — 300 MB free disk space minimum (500 MB recommended)

Operating systems

Verify that the client computers are running a supported operating system:

• Windows Vista SP2 or later • OS X 10.9 (Mavericks)

• Windows 7 SP1 or later • OS X 10.10 (Yosemite)

• Windows 8 or 8.1 • OS X 10.11 (El Capitan)

• Windows 10

McAfee software

Verify that the client computers are running compatible versions of Client Proxy and McAfee Agentsoftware.

Component Supported versions

End-user computers running Windows

Client Proxy software for Windows 2.3.0.288.1

McAfee Agent 5.0.3

End-user computers running Mac OS X

2


11

Component Supported versions

Client Proxy software for Mac OS X 2.3.0.107

McAfee Agent 5.0.3

Deploy the client software packageDeploy the client software package to the computers of end users in your organization.

Task1 In the McAfee ePO Cloud interface, select Menu | Software | Product Deployment.

2 Click New Deployment.

3 Provide values for these deployment settings:

a In the Name field, specify a name for this deployment.

b From the Type drop-down list, select Continuous.

c To automatically deploy the latest version of Client Proxy when it becomes available, select theAuto Update checkbox.

d From the Package drop-down list, select the version of the Client Proxy software that you want toinstall.

4 Click Select Systems.

The System Selection window opens.

5 On the System Tree tab, select My Organization, then click OK.

6 From the Select a start time drop-down list, select Run immediately, then click Save.

The Client Proxy software runs immediately on the end-user computers without restarting.

2 Deploying Client ProxyDeploy the client software package


3 Managing Client Proxy policies

In the McAfee ePO Cloud management console, you configure and manage Client Proxy policies.

Contents Configuring the policy areas Assign the policy to end-user computers Export the policy to an .xml or .opg file Policy Catalog

Configuring the policy areasClient Proxy policy configuration includes these areas: the proxy servers list, client configuration, thebypass list, and the block list.

Tasks• How Client Proxy manages the proxy server list on page 13

When configuring proxy servers for a Client Proxy policy, consider how Client Proxymanages the proxy server list.

• Configure the proxy server list on page 14To redirect network traffic to a proxy server, configure the proxy server list.

• Client configuration on page 15Client Proxy uses the Client Configuration settings to identify the customer and determinewhether end-user computers are located inside or outside the network.

• Configure the client settings on page 15Configure the settings that Client Proxy uses to identify the customer and determinewhether end-user computers are located inside or outside the network.

• Configure the bypass list on page 16Configure the McAfee® Common Catalog instance that Client Proxy uses to determine whichnetwork traffic is allowed to bypass the proxy server.

• Configure the block list on page 16Configure the list of processes running on end-user computers that are blocked fromaccessing the network.

How Client Proxy manages the proxy server listWhen configuring proxy servers for a Client Proxy policy, consider how Client Proxy manages the proxyserver list.

The Client Proxy software maintains an ordered list of proxy servers, with the proxy server having thefastest response time placed at the top of the list. The software updates the list from time to time.

3


13

For example, the list is updated when the end user starts the computer, the VPN connection breaks, aproxy server fails to respond, or the Client Proxy policy changes. At these times, the software tests theconnections to all proxy servers and reorders the list based on response times.

If redirection to the proxy server at the top of the list fails, the software tries redirecting to the secondproxy server in the list. At the same time, the software tests the proxy server connections again andupdates the proxy server list.

When configuring how the Client Proxy software selects the next proxy server from the list, you havethese options:

• connect to the first accessible Proxy Server based on their order in the list below — The software selects the nextproxy server from the list that you configure.

• connect to the Proxy Server that has the fastest response time — The software selects the next proxy server fromthe list that it maintains, which is based on response time.

Configure the proxy server list To redirect network traffic to a proxy server, configure the proxy server list.

When Client Proxy is deployed using McAfee ePO Cloud, you configure McAfee WGCS as the proxyserver, using this format for the host name: c<customer_id>.saasprotection.com.

Example: c12345678.saasprotection.com

To save the policy, you must configure at least one proxy server, and the configuration must include anIP address or host name and a port number.

Task1 In the McAfee ePO Cloud interface, select Menu | Policy | Policy Catalog.

2 From the Product drop-down list, select the current version of McAfee Client Proxy.

3 To configure a policy, click the policy's name.

4 From the Client Proxy Settings menu, select Proxy Servers.

5 In the Proxy Server List, select how Client Proxy connects to the proxy servers from these options:

• connect to the first accessible Proxy Server based on their order in the list below

• connect to the Proxy Server which has the fastest response time

6 Add proxy servers to the Proxy Server List:

a In the Proxy Server Address field, enter the IP address or host name of the proxy server.

b In the Proxy Port field, enter the port number of the proxy server.

c To redirect HTTP/HTTPS requests to the proxy server, select the HTTP/HTTPS checkbox.

Client Proxy redirects all requests going to ports 80 and 443.

d To redirect requests going to ports using protocols other than HTTP/HTTPS, specify the portnumbers in this field: Non-HTTP/HTTPS Redirected Ports.

Use this setting to redirect traffic that uses a transfer protocol other than HTTP/HTTPS. Verifythat the proxy server supports the protocol.

e Click Add.

3 Managing Client Proxy policiesConfiguring the policy areas


The IP address or host name is added to the Proxy Server List.

Using the icons in the Actions column, you can edit, delete, or change the order of the proxy serversin the list.

7 To redirect requests going to ports other than 80 or 443 using the HTTP/HTTPS protocol, specifythe port numbers in this field: Specify additional ports that you would like to redirect as HTTP/HTTPS traffic.

Use this setting to redirect traffic that is going to an application, for example, instead of a webbrowser.

8 To redirect all requests, including requests going to local addresses inside your organization'snetwork, deselect the Bypass proxy server for local addresses checkbox.

By default, Client Proxy does not redirect requests going to local addresses. To redirect all requeststo the proxy server, you can override the default setting.

Client configurationClient Proxy uses the Client Configuration settings to identify the customer and determine whetherend-user computers are located inside or outside the network.

• Configure Shared Password — Client Proxy and McAfee WGCS use this value to communicate securely.You can change the shared password or export the shared password and your customer ID in XMLformat. Using McAfee ePO, you can then import the exported credentials, if needed.

• Traffic Redirection Settings — Client Proxy uses this setting to determine when to redirect network trafficto the configured proxy servers.

• Corporate Network Detection — Client Proxy uses this setting to determine whether the end-usercomputer is located inside or outside the network.

• Corporate VPN Detection — Client Proxy uses this setting to determine whether the end-user computeris connected to the network through the VPN.

• Active Directory Groups Filter — Client Proxy uses the regular expressions that you configure to filter thelist of Active Directory groups included sent to the proxy server.

• Log File Settings (OS X Only) — Depending on this setting, Client Proxy logs error messages to a log fileon each end-user computer.

• Access Protection (Windows Only) — Depending on this setting, Client Proxy is protected fromunauthorized removal or tampering by end users.

Configure the client settingsConfigure the settings that Client Proxy uses to identify the customer and determine whether end-usercomputers are located inside or outside the network.

Task

1 In the McAfee ePO Cloud interface, select Menu | Policy | Policy Catalog.



4 From the Client Proxy Settings menu, select Client Configuration.

5 Enter and verify the Shared Password.

Client Proxy and McAfee WGCS use this value to communicate securely.

6 Configure the remaining options.

Managing Client Proxy policiesConfiguring the policy areas 3


15

Configure the bypass listConfigure the McAfee

®

Common Catalog instance that Client Proxy uses to determine which networktraffic is allowed to bypass the proxy server.

Each Client Proxy policy has a Common Catalog instance associated with it. The catalog is a list thatyou configure and that Client Proxy uses to determine which network traffic bypasses the proxy server.

The bypass list can include domain names, network addresses, network ports, and the names ofprocesses that end-user computers are allowed to access directly. Updating the bypass list in McAfeeePO Cloud also updates the Common Catalog instance associated with the policy.

Process names can be in Microsoft Windows format (test.exe) or Mac OS X format (test).




4 From the Client Proxy Settings menu, select Bypass List.

5 In the Bypass List window: From the Actions menu, select Add bypass list item, then select an item type.

The Choose from existing values dialog box opens.

6 Do one of the following:

• Select one or more existing catalog items.

• Click New Item, enter the new information, then click Save.

7 Click OK.

Configure the block listConfigure the list of processes running on end-user computers that are blocked from accessing thenetwork.

Each Client Proxy policy has a list of blocked processes associated with it. The block list is designed toreduce the amount of unwanted traffic that is redirected to the proxy server for filtering. Occasionally,the block list can restrict access to Internet resources, where the restriction was not intended.




4 From the Client Proxy Settings menu, select Block List.

3 Managing Client Proxy policiesConfiguring the policy areas


5 Select an option:

• Allow traffic to go directly to destination — No processes are blocked.

• Block traffic for all processes (except bypass listed processes) — All processes are blocked except forprocesses whose names are on the bypass list. These processes are allowed to access thenetwork directly.

• Block traffic only for the following processes — To configure the list of processes that you want blocked,enter the process names, clicking Add after each entry.

Windows process names must end with the .exe extension. Mac process names can be specifiedwithout the extension.

6 Click Save.

Assign the policy to end-user computersUsing McAfee ePO Cloud, assign the Client Proxy policy to specified end-user computers in yourorganization's network.

Task1 In the McAfee ePO Cloud interface, select Menu | Systems | System Tree.

2 From the System Tree menu, select a group or subgroup.

3 Click the Assigned Policies tab.


5 In the Actions column, click Edit Assignment.

The Policy Assignment for My Organization window appears.

6 Next to Inherit from, select Break inheritance and assign the policy and settings below.

7 From the Assigned policy drop-down list, select the policy.

8 Choose whether or not to lock policy inheritance.

9 Click Save.

Assign a Client Task to schedule the policy deployment to the endpoints.

Export the policy to an .xml or .opg fileYou can export the Client Proxy policy to an .xml file for troubleshooting or to an .opg file for importby client computers in your organization.


2 From the Product drop-down list, select the current version of McAfee Client Proxy, then select apolicy.

The Client Proxy Settings pane opens.

Managing Client Proxy policiesAssign the policy to end-user computers 3


17

3 From the Actions drop-down list, select Export Policy to File.

The Export Policy to File dialog box opens.

4 Click a link:

• McAfee Client Proxy Policy Server File — Exports the policy to a .xml file that you can use fortroubleshooting.

• McAfee Client Proxy Policy Client File — Exports the policy to a .opg file that can be imported by clientcomputers in your organization.

5 Save the file.

6 Click OK.

Policy CatalogOn the McAfee Client Proxy page of the Policy Catalog, you can create, import, export, rename, duplicate,delete, view, and edit policies.

The Client Proxy policy named McAfee Default is read only. It can be duplicated and saved with a newname, but it cannot be renamed, deleted, exported, or edited.

Table 3-1 Client Proxy policy options

Option Definition

New Policy When clicked, opens the Create a new policy dialog box, where you can select an existingpolicy to use as a template for a new policy and specify a name.

Import When clicked, opens the Import Policies dialog box, where you can browse for the .xml filethat has the policy you want to import.

Export When clicked, opens the Export page, where you have these options:• Click the link — Opens a new tab in your web browser, where you can view the policy in

XML format.

• Right-click the link, then select Save Link As, choose a folder, and optionally update thefile name — Downloads the policy to an .xml file.Default file name: Policies_For_McAfee_Client_Proxy_<x.y.z>.xml

<x.y.z> specifies the version number of Client Proxy.

Name Clicking this link opens the policy settings, which you can edit and save.

Owner Clicking this link opens a list of users and groups, where you can select the policy ownersand save any changes.

Assignments Clicking this link opens the list of nodes, to which the policy is assigned.

Actions • Rename — When clicked, opens the Rename Policy dialog box, where you specify a newname for the policy.

• Duplicate — When clicked, opens the Duplicate Existing Policy dialog box, where you specify aname for the new policy that is based on an existing policy.

• Delete — When clicked, opens the Delete Policy dialog box, where you confirm that youwant to delete the policy.

• Export — When clicked, opens the same page as the Export button.

3 Managing Client Proxy policiesPolicy Catalog


4 Maintaining Client Proxy

You can support end users and remove the Client Proxy software from end-user computers.

Contents Considerations when changing the shared password Uninstall the Client Proxy software Working with end users

Considerations when changing the shared passwordWhen changing the shared password in McAfee ePO Cloud, allow enough time for the password to beupdated in the system.

Updating the password in the system involves these steps and time estimates:

1 McAfee ePO Cloud deploys the updated Client Proxy policy to the computers of end users in yourorganization. This interval depends on the value configured for the Policy enforcement interval setting inyour McAfee Agent policy.

2 The Client Proxy software shares the new password with McAfee WGCS. This interval can take up to20 minutes.

The shared password must be synchronized in McAfee WGCS, or authentication fails.

Uninstall the Client Proxy software Using McAfee ePO Cloud, uninstall the Client Proxy software from the computers of end users in yourorganization.

Task1 In the McAfee ePO Cloud interface, select Menu | Software | Product Deployment.

2 Click New Deployment.

3 Provide values for these deployment settings:

a In the Name field, specify a name for this deployment.

b From the Type drop-down list, select Continuous.

c From the Package drop-down list, select the version of the Client Proxy software that you want touninstall.

d From the Action drop-down list, select Uninstall.

4


19

4 Click Select Systems.

The System Selection window opens.

5 On the System Tree tab, select My Organization, then click OK.

6 From the Select a start time drop-down list, select Run immediately, then click Save.

Working with end usersEnd users can view information about Client Proxy on their computers or temporarily suspend policyenforcement by contacting a McAfee

®

Help Desk administrator.

View information about Client Proxy on a Windows-basedcomputerOn an end-user computer running Windows, you can view information about the Client Proxy software,policy, and status.

Task1 On a Windows-based computer, click Start | All Programs | McAfee, then click About McAfee Client Proxy.

2 In the McAfee Client Proxy window, you can view the following information:

• Version Number — Specifies the version and build number of the Client Proxy software installed onthe end-user computer.

• Active Proxy — Specifies the address of the proxy server to which Client Proxy is redirecting traffic.

• Connection Status — Specifies whether the end-user computer is connected to the network.

• EspMode — Specifies whether Client Proxy is installed and running on the Endpoint SolutionPlatform.

• Policy Name — Specifies the name of the policy that Client Proxy is applying.

• Policy Revision — Specifies the revision number of the policy that Client Proxy is applying.

• Policy Timestamp — Specifies the time when the Client Proxy policy was deployed to the end-usercomputer.

• Status — Specifies whether Client Proxy is working in active or passive mode.

3 To close the window, click Ok.

View information about Client Proxy on an OS X computerOn an end-user computer running OS X, you can view information about the Client Proxy software,policy, and status.

Task1 On an OS X computer, click the McAfee menulet and select About McAfee Endpoint Protection for Mac.

4 Maintaining Client ProxyWorking with end users


In the Client Proxy section, the following information is displayed:

• Client Proxy version and build number • Policy modified date

• Policy name • Proxy server

• Policy revision

2 Verify that you are connected to the proxy server: From the menulet, select the dashboard.

This message is displayed: Client Proxy: Redirecting.

Suspending policy enforcementEnd users can request permission to access or transfer sensitive information for a limited time.

Occasionally, there is a legitimate business reason to temporarily suspend the security policy so thatsensitive information can be accessed or transferred. Client Proxy uses a challenge-responsemechanism to perform this function.

The end user sends a request to an administrator, including the policy revision number andidentification code displayed in the Enter Release Code dialog box. Using this information and the McAfee

®

Help Desk software, the administrator creates a release code and then sends it to the end user.

The release code is valid for a limited time, and the time allowed for policy suspension is limited aswell. Thus, the end user must enter the release code in the dialog box and complete the task thatrequires policy suspension before the allowed time period expires.

Best practice: Removing the software from end-user computers

Client Proxy software cannot be removed from end-user computers without authorization. Usually, theadministrator uninstalls the software using McAfee ePO Cloud.

If McAfee ePO Cloud is not available and the end-user computer is running Windows, the administratorcan uninstall the software using the Windows Add or Remove Programs tool. In this case, theadministrator uses the challenge-response mechanism to generate the release key.

Generate a release codeTo temporarily suspend policy enforcement on end-user computers, users request a bypass releasecode from a Client Proxy administrator. Using Help Desk software, administrators create a release codeand send it to the end user.

Task1 To request a bypass release code on an end-user computer, do one of the following:

• On Mac OS X computers: From the McAfee menulet on the status bar, select McAfee EndpointProtection for Mac Preferences, then select Client Proxy.

• On computers running Windows: Click Start | All Programs | McAfee, then click Bypass McAfee ClientProxy.

The McAfee Client Proxy Enter Release Code dialog box opens.

While you are waiting for the administrator to send the release code, leave this dialog box open. Ifyou close it, you must start the procedure over.

2 Copy the number in the Policy Revision field and the code in the Identification field, send these values toyour administrator, and include your user name and email address.

Maintaining Client ProxyWorking with end users 4


21

3 When your administrator sends the release code, enter the code in the Release field, then do one ofthe following:

• On Mac OS X computers: Click Release.

• On computers running Windows: Click OK.

Policy enforcement is suspended for the time period specified by the administrator when creating thecode.

4 Maintaining Client ProxyWorking with end users


Index

Aabout this guide 5access protection 15

Windows 15

Active Directorygroups filter 15

Active Directory groups 15

authentication tokens 9authentication version 9

Bblock list

configuring 16

bypass listconfiguring 16

Cchallenge-response mechanism 21

client computersrequirements 11

client configuration 15

Client Proxyassigning a policy 17

how the software works 8integrated with Endpoint Security 10

managing the proxy server list 13

metadata 9policies 18

server and client software 9Client Proxy software

removing from end-user computers 21

uninstalling from end-user computers 19

Client Proxy, aboutviewing on a Windows-based computer 20

viewing on an OS X computer 20

client settingsconfiguring 15

client software packagedeploying 12

Common Catalog 16

conventions and icons used in this guide 5corporate network and VPN detection 15

corporate network detection 15

corporate VPN detection 15

customer ID 9

Ddeployment options 9documentation

audience for this guide 5product-specific, finding 6typographical conventions and icons 5

EEndpoint Solution Platform 10

EspMode 10

Hhardware

requirements on client computers 11

hybrid solution 7

IIP addresses

client and original destination 9

Llog file settings 15

OS X 15

MMcAfee Agent

supported versions 11

McAfee ServicePortal, accessing 6McAfee WGCS

configuring as the proxy server 14

metadataClient Proxy 9

Ooperating systems

supported on client computers 11


23

Ppolicies

Client Proxy 17, 18

exporting to an .xml or .opg file 17

suspending 21

policy areasconfiguring 13

Policy CatalogClient Proxy page 18

processesblocking 16

proxy server listconfiguring 14

how Client Proxy manages 13

Rrelease codes

generating 21

SServicePortal, finding product documentation 6

shared password 15

considerations when changing 19

Ttechnical support, finding product information 6tenant ID 9traffic redirection 15

traffic redirection settings 15

Uuser groups 9user ID 9

WWeb Control 10

Web Gateway appliancesconfiguring as proxy servers 14

Web Protectionhybrid solution 7

Index


00

Documents

McAfee Client Proxy 2.3.0 Product Guide (For use with ... · For use with McAfee ePolicy Orchestrator Cloud. ... Important advice to protect your computer system, software ... you