Release Notes for McAfee Security for Microsoft SharePoint 2.5 (previously known as McAfee PortalShield) Beta

About this document

Thank you for using this McAfee® product. This document contains important information about this release. We strongly recommend that you read the entire document.

CAUTION: This is a beta quality code. We strongly recommend that you do not install this software into a production environment. We do not support automatic upgrading of a pre-release version of the software. To upgrade to a production release of the software, you must first uninstall the existing version of the software.

New features

Here is a list of new and updated features included with this release of the product.

Support for Microsoft SharePoint Server 2010 Beta/Sharepoint Foundation 2010 Beta

This release provides support for Microsoft SharePoint Server 2010 Beta/Sharepoint Foundation 2010 Beta.

Consolidation support for Microsoft SharePoint 2003, 2007, and 2010 Beta

This release consolidates support for Microsoft SharePoint 2003, 2007, and 2010 Beta in a single package.

Support for McAfee Artemis integration

This release integrates with McAfee Artemis.

McAfee Artemis Technology:
  • Provides always-on real-time protection that safeguards and secures from emerging threats.

  • Enables the leverage of threat intelligence gathered by McAfee Labs to prevent damage and data theft even before a signature or DAT update is available.

When a suspicious file is detected on a client system protected by a McAfee anti-malware product with Artemis, it connects to McAfee servers in real time and a checks against the database. With real time input from McAfee protected systems, Artemis provides an "up to the minute" repository of malware samples and information. If the suspicious file is found to be malicious, the client system will be notified and protected. The Artemis query and response happens in milliseconds. Artemis does not replace signature files, it adds to signature files. The signature or DAT files are required for further actions such as cleaning and repair.

McAfee Artemis protection is available only if the system is connected to internet. Without network connectivity, the client systems are protected by the locally stored signature or DAT files. The traffic generated by Artemis is low and protection is available on a low speed connection.

Improved performance - Incremental on-demand scan (Scans only new files)

Incremental on-demand scans can be used to scan any set of newly added documents in the repository without scanning the entire repository. Scanning documents incrementally saves considerable amount of time for the administrators.

The incremental on-demand scans can be scheduled with the following options:

  • Scan from last scanned date: Scans all documents which are added in the repository after the last successful run of scheduled on-demand scan. All the documents are scanned if you are running the task for the first time. Succeeding scans will process only the newly added files.
  • Scan from a specific date: Scans all documents in the repository whose last modified date is before the specified date.

Support for resumable on-demand scan (pause or resume scan tasks)

On-demand scan task in McAfee Security for Microsoft SharePoint performs a user initiated scan for infections and banned content in SharePoint repositories. In the earlier versions of this product, on-demand Scan tasks could be stopped based on a schedule or after a time span. In such cases, the on-demand scan task would start from the beginning if initiated again. It may take considerable amount of time to finish a complete on-demand scan while scanning SharePoint repositories which are large in size. McAfee Security for Microsoft SharePoint 2.5 version introduces Resumable on-demand scans where scan tasks can be stopped and resumed as per an available maintainence window. When a resumable scan task is stopped while a scan is in progress,McAfee Security for Microsoft SharePoint 2.5 saves the current state of the scan task. At a later point of time when the same task is started (resumed), scan will resume from the last scanned folder. In the event of a signature update while a scan is paused, MSMS provides an option to restart the scan with the updated signature (DATs). A regular on-demand scan task can be scheduled by selecting the "Off" option on the Configure Settings tab in the OnDemand Task wizard.

Support for configuration of file extension exclusion for on-demand scan tasks

The excluded file types are not scanned during an on-demand scan, improving the scan performance.

ePolicy Orchestrator 4.x manageability

ePolicy Orchestrator 4.X manageability for:
  • Incremental on-demand scan.
  • Resumable on-demand scan.
  • Configuration of file extension exclusion for on-demand scan.
  • Artemis integration.

McAfee ePolicy Orchestrator version 4.0 and 4.5 provides a single point of control for McAfee Security for Microsoft SharePoint, to manage anti-virus policies and view anti-virus events and malware activity reports.

Support for McAfee Agent 4.x integration

This release integrates with McAfee Agent 4.x.

Product name changes in the user interface

"McAfee PortalShield" is renamed as "McAfee Security for Microsoft SharePoint server. The product name change in user interface reflects the products enhanced scope in securing different versions of SharePoint server. For more information, refer to the McAfee Knowledgebase article KB52553.

Support for virtualization environment - ESX server 4.X/Hyper-V

McAfee Security for Microsoft SharePoint server is supported in virtual environment such as VMware Workstation, VMware Server,VMware ESX 4.X and Hyper-V environment. For details on the supported environments for McAfee Security for Microsoft SharePoint, refer to the McAfee Knowledgebase article KB68141.

Automatic addition of user groups to McAfee Access Control List

This version adds Farm Administrator ,IIS and WSS User Groups to McAfee Access Control List (SdEdit.exe) automatically.

Addition of other fixes

This version includes the folloewing fixes:
  • 438042 - Supports ePolicy Orchestrator notifications for McAfee Security for Microsoft SharePoint anti-virus policy configured as "Prevent Upload/Download" with cleaning option disabled.
  • 498995 – Supports configuration of File Filtering rule in McAfee Security for Microsoft SharePoint.
  • 498052 - SetSQLAct.exe displays incorrect version of SharePoint server.
  • 477514 - Unable to install PortalShield 2.0 SP1 report extension after migrating ePolicy Orchestrator 3.6.1 Patch4 to ePolicy Orchestrator 4.5 server.

  • 492816 - Unable to select sub folders for site information while configuring on-demand scan.

NOTE:
The following features are not supported for Microsoft SharePoint 2003 or SharePoint Services 2.0:
  • Incremental on-demand scan.
  • Resumable on-demand scan.
  • Configuration of file extension exclusion for on-demand scan.

Known issues

Here is a list of known issues that we were aware of at production time:

To view an updated list of issues associated with this release, see KB68138 in the McAfee Support online KnowledgeBase: https://mysupport.mcafee.com.

Installation and upgrade issue

  • McAfee Security for Microsoft SharePoint Beta release is supported only in English.

Functionality issues

  • Deploying McAfee Security for Microsoft SharePoint with a higher version of DATs using ePolicy Orchestrator, which has a lower version of DATs fails to run on-demand scan.

    Workaround: Ensure ePolicy Orchestrator repository has the latest version of DATs.

  • Internet Explorer 7.0 shortcut created for McAfee Security for Microsoft SharePoint 2.5 during first installation does not work on re-installing the software. The following error is displayed:

    "Problem with Shortcut The target of this Internet shortcut is not valid".

    Workaround: Manually delete the shortcut.

  • Deploying McAfee Security for Microsoft SharePoint 2.5 using ePolicy Orchestrator fails to run update task.

  • On-demand scan task for the "Scan selected folders" and "Scan all except selected folders" options on ePolicy Orchestrator using Internet Explorer version 6 or 7 does not function if subfolders on SharePoint server 2003 are included in the target folder path.

    Workaround: Open ePolicy Orchestrator using Mozilla Firefox or Microsoft Internet Explorer v8.0.

  • Old DATs are not purged as configured in DAT Settings.
    Workaround: Manually delete the old DATs from the following location:
    <Installation Directory>\McAfee\McAfee PortalShield\bin\DATs
    .

Documentation issue

  • Product name and the online Help for new features are not updated.

Resolved issues

Here is a list of issues from previous releases of the software that have been fixed in this release.

  • Issue — Scheduling on-demand scan in PortalShield 2.0 SP1 for Microsoft Office SharePoint Server 2007 Farm in 32-bit virtual environment displays "Run Access Violation" error message.

    Resolution — On-demand scan succeeds for individual scan folders.

  • Issue — Administrator needs to manually add the SharePoint user groups requiring access to the shared memory pipe.

    Resolution — McAfee Security for Microsoft SharePoint lists the SharePoint user groups having access to the shared memory pipe. The product deployment enforces access control using ePolicy Orchestrator without any local server intervention.

  • Issue — After migrating ePolicy Orchestrator 3.6.1 Patch4 to ePolicy Orchestrator 4.5 (English locale), the following error is displayed while installing the MSMS report extension:

    Unable to install extension java.sql.SQL.Extension: Cannot insert the value NULL into column 'EventCategory'.

    Resolution — Report extension is installed successfully.

  • Issue — Clicking Show Status on OnDemand scan report page hangs Internet explorer.

    Resolution — The detailed scan report is displayed.

Installation instructions

Requirements

Server Operating Systems

  • Windows 2003 Standard/Enterprise Server SP2 (32-bit or 64-bit).
  • Windows 2003 Standard/Enterprise Server R2 (32-bit or 64-bit).
  • Windows 2008 Standard/Enterprise Server (32-bit or 64-bit).
  • Windows 2008 Standard/Enterprise Server R2 (64-bit).
NOTE: For Service Pack information, see Windows service pack requirements release notes.

Microsoft SharePoint Server

  • SharePoint Server 2003/Windows SharePoint Services 2.0 (32-bit).
  • Microsoft Office SharePoint Server 2007/Windows SharePoint Services version 3.0 (32-bit or 64-bit).
  • Microsoft Office SharePoint Server 2007 SP2/Windows SharePoint Services version 3.0 SP2 (32-bit or 64-bit).
  • Microsoft SharePoint Server 2010 Beta/SharePoint Foundation 2010 Beta (64-bit).

Processor

  • 2.5 Gigahertz (GHz) processor or higher, dual processor, 3 GHz or higher.
  • Intel x64 architecture-based processor that supports Intel Extended Memory 64-bit Technology (Intel EM64T).

Memory

  • Minimum 4 GB RAM.
  • Minimum 500 MB of free hard disk space where Microsoft SharePoint is installed.

Installing the product

Before you begin

Microsoft SharePoint server must be installed on the computer on which McAfee Security for Microsoft SharePoint is to be installed.

  1. Using an administrator account, log on to the computer that has Microsoft SharePoint server installed on it.
  2. Close all the SharePoint application windows, if open.
  3. Create a temporary directory on the network or local drive.
  4. To install, do one of the following depending on how you obtained the software:
    • Insert the CD into the computer’s drive and copy the installation files into the temporary directory you created.
    • Download the .ZIP archive and extract the file to the temporary directory.
  5. Extract the MSMSv25.ZIP file and double-click SETUP.EXE.
  6. Accept the End User License agreement, then click OK. The "Welcome to the McAfee Security for Microsoft SharePoint Installation Wizard" screen appears.
  7. Click Next. The Server Settings screen appears.
  8. Provide the Port number on which the Internet Information Services will host the McAfee McAfee Security for Microsoft SharePoint website. The default value is "45900".
  9. Click Next. The Destination Folder screen appears.
  10. Click Browse to select the destination folder or Next to install the software in the default directory. The Ready to Install the Application screen appears.
  11. Click Next. The Updating System screen appears.
  12. After the updations are complete, click Finish.
    NOTE: To re-install Microsoft SharePoint server, you must uninstall McAfee Security for Microsoft SharePoint first, then re-install SharePoint and install McAfee Security for Microsoft SharePoint again.

    If you are upgrading your Microsoft SharePoint Portal Server 2003 to Microsoft Office SharePoint 2007 or Microsoft office SharePoint 2007 to Microsoft SharePoint 2010, you must uninstall McAfee Security for Microsoft SharePoint before upgrading SharePoint, and then re-install it.

    While re-installing or upgrading McAfee Security for Microsoft SharePoint, restart your computer if prompted.

Setting database account information
NOTE: This procedure applies only to:
  • Microsoft SharePoint Portal Server 2003 and Windows SharePoint Services installations that use a remote SQL database.
  • Microsoft Office SharePoint Server 2007 (both Local and Remote).
  • Microsoft SharePoint Server 2010 Beta (both Local and Remote).
  1. Perform Step 1 to 10 of the standard installation procedure.
  2. Type your administrator credentials (domain\username or hostname\username and password):
    • For the Remote SQL Database used by Microsoft SharePoint Portal Server 2003.
    • For the Microsoft Office SharePoint Server 2007.
    • For the Microsoft SharePoint Server 2010 Beta.
  3. Click Next. The account credentials (username and password) are validated.
    NOTE: If your administrator credentials are not valid, a warning dialog box appears. Check the credentials that you supplied. If you are sure that the credentials you supplied are correct, you can "override" the warning and install McAfee Security for Microsoft SharePoint with "unresolved" account information.
  4. Click Next. The Ready to Install the Application dialog box appears.
  5. Click Next. The Updating System dialog box appears, displaying progress messages and a progress bar.
  6. Click Finish.
Enabling Atremis settings from McAfee Security for Microsoft SharePoint (on client computer)

Artemis settings can be managed either locally or using ePolicy Orchestrator for on-access and on-demand scanning.

  1. Using an administrator account, log on to the computer that has Microsoft SharePoint server installed on it.
  2. Launch McAfee Security for Microsoft SharePoint Server user interface.
  3. Select Policy Manager | OnAccess or OnDemand. The McAfee Policy Manager page for the selected scanning mode appears.
  4. Click Master Policy. The Master Policy settings page for the selected scanning mode appears.
  5. Click Anti-Virus Scanner. The View Settings tab appears.
  6. In Activation, select Enable.
  7. In Options, select the anti-virus option that you want to configure, then click Edit. The Anti-Virus Scanner Settings page appears.
  8. In Basic Options tab, select Enable Artemis Technology and the required Sensitivity Level. For more details on Sensitivity Level, refer to KB68631.
  9. Click Save. The Policy Manager page for the selected scanning mode appears.
  10. Click Apply.
    NOTE: Refresh the page to view policy setting changes in the user interface.
    NOTE: For deployment procedures using ePolicy Orchestrator, refer to the product release notes.

Post installation

Testing your installation

You can test the operation of the software by running the EICAR Standard Antivirus Test File on any computer where you have installed the software. The EICAR Standard Antivirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations.

  1. Copy the following line into its own file, then save the file with the name EICAR.COM:

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    NOTE: Microsoft SharePoint Portal Server 2003 and Microsoft Windows SharePoint Services automatically blocks .COM files. Therefore, save this file as EICAR.TXT for these versions of SharePoint. You must use a plain text editor to do this, such as Notepad — NOT Microsoft Word or WordPad. The file size will be 68 or 70 bytes.

    If you have other anti-virus software installed on your server, such as McAfee VirusScan Enterprise, you should disable the scanner whilst carrying out this test to prevent the file being identified by the other anti-virus software.

  2. To test the on-access scanner, start the McAfee Security for Microsoft SharePoint software and add the EICAR.TXT file to your Microsoft SharePoint document store. The on-access scanner reports finding the EICAR test file.
  3. To test the McAfee Security for Microsoft SharePoint on-demand scanner, disable on-access scanning. To disable on-access scanning:

    • From McAfee Security for Microsoft SharePoint 2.5 dashboard:

      1. Click On-Access Settings (top right), if enabled.
      2. Deselect the options, Scan documents on upload and Scan documents on download.

    • From Microsoft SharePoint Portal Server:

      1. Open the Microsoft SharePoint administration interface by clicking Start | Programs | SharePoint Portal Server | SharePoint Central Administration.
      2. Click Configure anti-virus settings under Security Configuration.
      3. Deselect the options Scan documents on upload and Scan documents on download.
  4. Add EICAR.TXT into the document store. Schedule an on-demand scan for that document store. The McAfee Security for Microsoft SharePoint software reports finding the EICAR test file.
  5. Delete the file after you have finished testing your installation to avoid alarming unsuspecting users.
  6. Ensure to re-enable on-access scanning to provide protection against viruses and unwanted files and content within your SharePoint system.
    NOTE: This EICAR test file is NOT A VIRUS. If you disabled any other anti-virus software during these tests, remember to re-enable them.
Uninstallation

Uninstall McAfee Security for Microsoft SharePoint using the "Add/Remove Programs" feature in Control Panel.

NOTE:
  • Some files/folders may not be deleted from the installed location after uninstalling McAfee Security for Microsoft SharePoint. Delete them manually.
  • Uninstalling McAfee Security for Microsoft SharePoint from client system does not remove McAfee Agent 4.x from your computer.
  • For uninstalling McAfee Security for Microsoft SharePoint using ePolicy Orchestrator, see the product release notes.

More information

Enforcing policies for Artemis

  1. Using an administrative account, log on to the ePolicy Orchestrator server.
  2. Click Systems | System Tree and choose a desired group.
  3. Select the desired system(s).
  4. Click Assigned Policies.The "Assigning Policy for <n> system" page appears.
    NOTE: ‘n’ refers to the number of systems you have selected.
  5. Select the desired Product, Category, and Policy from the drop-down, then click Save.
  6. Follow steps 3 to 9 from the Enabling Atremis settings from McAfee Security for Microsoft SharePoint (on client computer) section.
  7. Select the client system, then send an agent wake-up call.

Creating a new custom on-demand scan task

  1. Using an administrator account, log on to the ePolicy Orchestrator server.
  2. Click Systems | System Tree and choose a desired group.
  3. From Client Tasks, select the desired group in the System Tree for which you want to create the on-demand scan task.

  4. Click New Task. The Client Task Builder wizard appears.

  5. Under Description, type a Name and Notes (optional).
  6. Choose OnDemand Scan (McAfee Security for Microsoft SharePoint 2.5) as Type, then click Next.
  7. On Configuration tab:

    • To scan selected folder, click Choose What to Scan tab, then specify and include the Web Application name and the Target Folder Path. Verify that Folders to Scan displays the selected folder path.

      Example 1:

      Web Application Name: SharePoint - 80

      Target Folder Path: http://hostname/default/foldername

      Example 2:

      Web Application Name: STS_WFESPS2003

      Target Folder Path: <folder name>/<subfolder name>

      NOTE: Select SharePoint 2003 to specify the scan target path
    • To configure Settings, specify Excluded file extension(s), then configure the Advanced settings to Resumable Scanning.
  8. Click Next. The Schedule tab appears.
  9. Schedule the task as desired, then click Next to view the Summary.
  10. Click Save.
  11. Send an agent wake-up call.

Migrating events from ePolicy Orchestrator version 3.6 to 4.x

The ePolicy Orchestrator 3.6 database should be present for events migration.

  1. Using an administrator account, log on to the ePolicy Orchestrator server.
  2. Click Automation | New Task. The Server Task Builder page appears.
  3. In Description, type a Name, Note and select Enabled or Disabled appropriately as the Schedule status. Click Next.
  4. In Actions, select Event Migration from the drop-down and select the Product Name as McAfee Security for Microsoft SharePoint 2.5. Click Next.
  5. Schedule the task, then click Next. A summary of the created task appears.
  6. Click Save.
    NOTE: For custom installation:
    1. Copy the "psh2000-eventpkg.dts" package from the following path: <ePO install directory>\Server\extensions\installed\PSH20REPORTS\2.0.<build number>.<package number>\Events.
    2. Paste it into <DB Directory Path>\Migration\Events.

To run a migration task immediately:

  1. Click the Automation tab. The Server Tasks page appears.
  2. Click the Run link of the corresponding task.

McAfee beta program

Download Site: http://www.mcafeesecurity.com/us/downloads/beta/mcafeebetahome.htm.

Email to Submit Beta Feedback: msms-beta@mcafee.com.

Finding product documentation

McAfee provides the information you need during each phase of product implementation, from installing to using and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

For option definitions, click ? in the interface.

  1. Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
  2. Under Self Service, access the type of information you need:
    For user documentation For the KnowledgeBase
    1. Click Product Documentation.
    2. Select a Product, then select a Version.
    3. Select a product document.
    • Click Search the KnowledgeBase for answers to your product questions.
    • Click Browse the KnowledgeBase for articles listed by product and version.
COPYRIGHT

COPYRIGHT

Copyright © 2010 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.