VirusScan Enterprise 8.7i: Enabling Artemis for On-Access Protection
Are you testing or using VirusScan Enterprise 8.7i in your enterprise? Do you use ePolicy Orchestrator 4.0? Are you considering implementing Artemis for On-Access scanning?
If so, then you've probably read this McAfee KB already:
<quote>
To enable Artemis Technology in VSE 8.7i using ePO 4.0:
On-Access Scan policy (Patch 1 for VSE 8.7i required):
- Launch ePO and click the Systems tab.
- Click the Policy Catalog tab and select VirusScan
Enterprise 8.7.0 On Access Scan Policy.
- Select to edit the policy for Server or
Workstation.
- Select the Scan Items tab and under Heuristic
network check for suspicious files, select the Sensitivity
level.
- Save the policy.
<endquote>
Unfortunately, the instructions don't work. There's no such policy as the "On Access Scan Policy" -- it simply doesn't exist.
Perhaps you thought that the information in the KB was a typo, and
you'd simply find it under "On-Access Default Process Policies", but
you won't. It is still missing.
After tinkering, you determine need to check in not only VSE 8.7i as a package, but also unzip the archive and install the new VSE 8.7i policies and reports as extensions. Also, make sure to do the same with VSE 8.7i Patch 1 for the VSE policy zip, and then again with VSE 8.7i including Patch 1 (the VSE policy included is a slight increment above that installed by Patch 1).
You've done all this, right?
Nope, it's still not under "On-Access Default Process Policies". The manual has a typo, and you'll actually find it under "On-Access General Policies" under "General - Heuristic network check for suspicious files".
Now that I've gone through the process, I thought this information might be of use to the community. I'll be sure to write my opinions of Artemis in the near future after adequate testing.