Você está na página 1de 33

Product Guide

McAfee Client Proxy 2.3.1


For Windows and Mac OS
For use with McAfee ePolicy Orchestrator
COPYRIGHT
© 2017 Intel Corporation

TRADEMARK ATTRIBUTIONS
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active
Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,
McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee
Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.
Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.

2 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
Contents

Preface 5
About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Product overview 7
What is the Web Protection hybrid solution? . . . . . . . . . . . . . . . . . . . . . . . 7
How Client Proxy works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Client Proxy metadata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Deployment options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Integration with Endpoint Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2 Deploying Client Proxy 11


Client computer requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Deploying Client Proxy software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Download and install the product files . . . . . . . . . . . . . . . . . . . . . . 12
Install the extension software . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Check in the client software package . . . . . . . . . . . . . . . . . . . . . . . 13
Deploy Client Proxy software to clients running Windows . . . . . . . . . . . . . . . 13
Deploying Client Proxy software to clients running Mac OS X . . . . . . . . . . . . . 14
View end-user installation data . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3 Managing Client Proxy policies 17


Users and permission sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configuring the policy areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
How Client Proxy manages the proxy server list . . . . . . . . . . . . . . . . . . 18
Configure the proxy server list . . . . . . . . . . . . . . . . . . . . . . . . . 18
Client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Configure the client settings . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Configure the bypass list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Configure the block list . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Assign the policy to the endpoint computers . . . . . . . . . . . . . . . . . . . . . . . 21
Export the policy to an .xml or .opg file . . . . . . . . . . . . . . . . . . . . . . . . . 22
Policy Catalog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4 Maintaining Client Proxy 25


Upgrade the Client Proxy software . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Install a hotfix release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Uninstall the Client Proxy software . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Remove the extension software . . . . . . . . . . . . . . . . . . . . . . . . . 27
Remove the client software package . . . . . . . . . . . . . . . . . . . . . . . 27
Working with end users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
View information about Client Proxy on a Windows-based computer . . . . . . . . . . 28
View information about Client Proxy on an OS X computer . . . . . . . . . . . . . . 28

McAfee Client Proxy 2.3.1 Product Guide 3


For Windows and Mac OS
Contents

Suspending policy enforcement . . . . . . . . . . . . . . . . . . . . . . . . . 28

Index 31

4 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
Preface

This guide provides the information you need to work with your McAfee product.

Contents
About this guide
Find product documentation

About this guide


This information describes the guide's target audience, the typographical conventions and icons used
in this guide, and how the guide is organized.

Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

Conventions
This guide uses these typographical conventions and icons.

Italic Title of a book, chapter, or topic; a new term; emphasis


Bold Text that is emphasized
Monospace Commands and other text that the user types; a code sample; a displayed message
Narrow Bold Words from the product interface like options, menus, buttons, and dialog boxes
Hypertext blue A link to a topic or to an external website
Note: Extra information to emphasize a point, remind the reader of something, or
provide an alternative method
Tip: Best practice information

Caution: Important advice to protect your computer system, software installation,


network, business, or data
Warning: Critical advice to prevent bodily harm when using a hardware product

McAfee Client Proxy 2.3.1 Product Guide 5


For Windows and Mac OS
Preface
Find product documentation

Find product documentation


On the ServicePortal, you can find information about a released product, including product
documentation, technical articles, and more.

Task
1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

2 In the Knowledge Base pane under Content Source, click Product Documentation.

3 Select a product and version, then click Search to display a list of documents.

6 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
1 Product overview

®
McAfee Client Proxy is endpoint client software for Microsoft Windows and Mac OS X that is an
®
essential component of the McAfee Web Protection hybrid deployment solution. The Client Proxy
technology allows you to apply your organization's web security policy to an endpoint computer,
whether it is located inside or outside your network.

Contents
What is the Web Protection hybrid solution?
How Client Proxy works
Deployment options
Integration with Endpoint Security

What is the Web Protection hybrid solution?


The hybrid solution allows organizations to switch between the network-based and cloud-based
® ®
security solutions provided by McAfee Web Gateway and McAfee Web Gateway Cloud Service
®
(McAfee WGCS), respectively.
Web gateways and other appliances do not protect equipment after it leaves your organization's
network. For example, when users in your organization take laptops on business trips or work from
home, they leave the network's secure zone.

Client Proxy is installed on the computers of end users in your organization. Using the
location-awareness settings that you configure, Client Proxy determines whether the computers are
located inside or outside your network or are connected to your network by VPN.

In a hybrid deployment, Client Proxy lets web requests sent by users working inside the network or
connected to the network by VPN pass. These requests are automatically redirected for filtering to a
Web Gateway appliance installed on the network. Web requests sent by users working outside the
network, on the other hand, are redirected to McAfee WGCS for filtering.

For more information about the hybrid solution, see the McAfee Web Protection Hybrid Deployment
Guide.

End-user computers are referred to as endpoint computers.

McAfee Client Proxy 2.3.1 Product Guide 7


For Windows and Mac OS
1
Product overview
How Client Proxy works

How Client Proxy works


Using location-awareness settings, Client Proxy protects the computers of end users in your
organization, whether they are located inside or outside your network.
Client Proxy software redirects, blocks, or lets pass web traffic and network communications according
to the policy you configure and location of the endpoint computer.

Figure 1-1 Client Proxy workflow

When an end user is working inside your organization's network, Client Proxy software:
1 Recognizes that the end user is working inside your organization's network

2 Remains passive, allowing web traffic and network communications to pass to Web Gateway for
filtering
When an end user is working outside your organization's network, Client Proxy software:
1 Recognizes that the end user is working outside your organization's network

2 Redirects all web traffic and network communications to the McAfee WGCS service

8 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
1
Product overview
Deployment options

Client Proxy metadata


When the Client Proxy software redirects HTTP/HTTPS traffic, it adds metadata to the requests.
Proxy server administrators configure and apply policies based on the values in the metadata:
• Authentication tokens • User groups

• Authentication version • Client IP address

• Customer ID • Original destination IP address

• User ID

The authentication version is the version of the metadata that Client Proxy shares with the proxy server.

Deployment options
Client Proxy consists of server and client software that is deployed using the McAfee ePO or McAfee
ePO Cloud management platform. Deployment details depend on which management platform is used.

Server software
The server software is installed on the McAfee ePO server and adds the Client Proxy server
functionality to the McAfee ePO platform. Because the server software extends the McAfee ePO
functionality, it is called the extension software or extension.

When Client Proxy is deployed using McAfee ePO Cloud, the server software comes installed on the
platform and does not need to be installed by an administrator.

Client software
The client software is checked in to the McAfee ePO Master Repository as a package and then deployed
to the client computers in your organization. Client software and computers are also called endpoint
software and computers, respectively. Endpoint computers are sometimes called the endpoint.

When Client Proxy is deployed using McAfee ePO Cloud, the client package is already checked in to the
Master Repository and only needs to be deployed to the endpoint.

Deployment using McAfee ePO versus McAfee ePO Cloud


This table summarizes the differences between deploying Client Proxy using the on-premise and cloud
versions of McAfee ePO.

Management Server software Client software (package)


platform (extension)
McAfee ePO The administrator installs the The administrator checks in the client package
extension software on the to the Master Repository and then deploys the
platform. package to the endpoint.
McAfee ePO Cloud The extension software The client package is already checked in to the
comes installed on the Master Repository. The administrator only
platform. needs to deploy the package to the endpoint.

For more information about deploying Client Proxy using McAfee ePO Cloud, see the McAfee Client Proxy
Product Guide for McAfee ePolicy Orchestrator Cloud.

McAfee Client Proxy 2.3.1 Product Guide 9


For Windows and Mac OS
1
Product overview
Integration with Endpoint Security

Integration with Endpoint Security


Client Proxy is available as a standalone product or integrated with Endpoint Security.

When integrated, Client Proxy joins the Endpoint Security family, including:
• McAfee Endpoint Security Threat Prevention
®

• McAfee Endpoint Security Firewall


®

• McAfee Endpoint Security Web Control


®

Whether standalone or integrated, Client Proxy is managed using McAfee ePO and the management
tasks are the same. When Client Proxy is integrated with Endpoint Security:
1 The client software package is deployed to the endpoint and installed as a module on the Endpoint
Solution Platform.

2 The administrator can configure Web Control so that it is disabled while Client Proxy is installed and
running.

On a Windows-based computer, you can view the integration status of Client Proxy by opening the
About McAfee Client Proxy window. If EspMode is set to ON, Client Proxy is installed and running on the
Endpoint Security Platform.

10 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
2 Deploying Client Proxy

® ® ® ™
Using McAfee ePolicy Orchestrator (McAfee ePO ) , deploy the Client Proxy server and client
software. The server software is installed on the McAfee ePO server and the client software package is
deployed to the computers of end users in your organization.

Contents
Client computer requirements
Deploying Client Proxy software
View end-user installation data

Client computer requirements


Client Proxy software runs on the client computers in your organization. Before deploying the software
from McAfee ePO to the client computers, verify that they meet these requirements.

Hardware requirements
Verify that the client computers meet these hardware requirements:
• RAM — 1 GB minimum (2 GB recommended)

• Hard disk — 300 MB free disk space minimum (500 MB recommended)

Operating systems
Verify that the client computers are running a supported operating system:
• Windows Server 2008 R2

• Windows Server 2012

• Windows Server 2012 R2

• Windows Server 2016

• Windows 7

• Windows 8 (Not including Windows 8 RT (Run Time) edition)

• Windows 8.1 Update 1

• Windows 10

• Windows 10 Anniversary Update

• Windows 10 RS2

• OS X 10.10 (Yosemite)

McAfee Client Proxy 2.3.1 Product Guide 11


For Windows and Mac OS
2
Deploying Client Proxy
Deploying Client Proxy software

• OS X 10.11 (El Capitan)

• OS X 10.12 (Sierra)

Deploying Client Proxy software


Download the Client Proxy product files on the administrator operating system. Using McAfee ePO,
install the extension software on the server, and check in the client software package. Then deploy the
client software to the computers of end users in your organization.

Contents
Download and install the product files
Install the extension software
Check in the client software package
Deploy Client Proxy software to clients running Windows
Deploying Client Proxy software to clients running Mac OS X

Download and install the product files


Download the Client Proxy product files from the McAfee Content & Cloud Security Portal and install
them on the administrator operating system. Client Proxy also supports McAfee ePO Software Manager.

Task
1 Download the product files.
a Log on to the operating system as an administrator.

b Go to the McAfee Content & Cloud Security Portal.

c Enter your user name and password, then click Login.

d Select Software | McAfee Web Gateway | Tools | McAfee Client Proxy.

e Select and save the .zip files for your operating system.
• Client Proxy server software for McAfee ePO: MCPSRVER1000_2.3.1.x_package.zip

• Client Proxy client software for Mac OS X: Mcpdistribution.zip

• Client Proxy client software for Windows: mcp-win 2.3.1 Build x Package #y.zip

x specifies the number of the build and y specifies the number of the package.

2 Install the server software, and check the client package into McAfee ePO.

Install the extension software


Install the Client Proxy extension .zip file so it is available in McAfee ePO.

Task
1 From the management console menu, select Software | Extensions.

2 Click Install Extension.

3 Click Browse to locate the Client Proxy extension file: MCPSRVER1000_2.3.1.x_package.zip, where x
specifies the number of the build.

12 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
2
Deploying Client Proxy
Deploying Client Proxy software

4 Select the file, then click Open | OK.

The Install Package window opens.

5 Click OK.
® ®
The package installs the Client Proxy manager, McAfee Common Catalog, McAfee Help Desk
software, and the related Help files.

Check in the client software package


Check the Client Proxy client software package in to the McAfee ePO Master Repository.

Task
1 From the management console menu, select Software | Master Repository.

2 Click Check In Package.

3 For the Package type, select Product or Update (.ZIP), then click Browse.

4 Select the Client Proxy Mac OS X or Windows client file that you downloaded earlier:
• Mac OS X — McpDistribution.zip

• Windows — mcp-win 2.3.1 Build x Package #y.zip


x specifies the number of the build and y specifies the number of the package.

5 Click Open, then click Next.

6 Review the package options, then click Save.

McAfee Client Proxy is visible in the Packages in Master Repository list.

Deploy Client Proxy software to clients running Windows


Using McAfee ePO, install Client Proxy software on the computers of end users in your organization.

Task
1 From the management console menu, select Systems | System Tree.

2 Select the organizational level to which you want the install action applied.

Selecting My Organization selects all computers managed by McAfee ePO.

3 Click the Assigned Client Tasks tab.

4 From the Actions drop-down list, select New Client Task Assignment.

5 In the Client Task Assignment Builder, configure the following options in the order shown, then click Create
New Task:
• Product — Select McAfee Agent.

• Task Type — Select Product Deployment.

6 In the New Task window, configure the following options, then click Save:
• Task Name — Specify a name for the task.

• Description — (Optional) Describe the task.

McAfee Client Proxy 2.3.1 Product Guide 13


For Windows and Mac OS
2
Deploying Client Proxy
View end-user installation data

• Target platforms — Select Windows.

• Products and components — From the drop-down list, select the version of McAfee Client Proxy that
you want to install on the endpoint computers, then from the Action drop-down list, select Install.

7 Click Next.

8 From the Schedule type drop-down list, select Run immediately, then click Next.

9 Review the task summary, then click Save.

The task is scheduled for the next time that the McAfee Agent checks for updates. To force the
installation to run immediately, issue an agent wake-up call.

After installation, Client Proxy runs immediately without restarting the endpoint computer.

Client Proxy does not redirect data until a policy is configured.

Deploying Client Proxy software to clients running Mac OS X


Check these prerequisites before using the McAfee ePO platform to deploy Client Proxy software to
endpoint computers running Mac OS X.
• The Client Proxy extension software must be installed on the McAfee ePO platform.

• The latest Mac OS X build of the Client Proxy package must be checked in to the McAfee ePO
Master Repository.

• A compatible version of McAfee Agent must be checked in to the Master Repository and installed on
the endpoint computers running Mac OS X.

View end-user installation data


View the number of endpoint computers where Client Proxy has been successfully installed in the past
month.

Task
1 From the management console menu, select Reporting | Queries & Reports.

2 From the Groups list, expand Shared Groups, then select McAfee Client Proxy.

3 Create a query.

14 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
2
Deploying Client Proxy
View end-user installation data

Option Definition
Select a query 1 Click the Query tab, then select Actions | New.
type.
The Query Builder opens with the Result Types view active.
2 From the Feature Group list, select Policy Management.

3 Choose from these options:


• Applied Client Tasks
• Applied Policies
• Client Task Assignment Broken Inheritance
• Policy Assignment Broken Inheritance
4 Click Next.

Select a query 1 From the Display Results As list, select a graph or table for the query layout.
layout.
Select a layout for your query that best displays your data.
2 Select the display options you want from the available lists.

3 To move to the Columns page, click Next.

Select query 1 From the Available Columns list, select which columns to apply to your query.
columns.
2 In Selected Columns, select, drag, and position each column.

3 To move to the Filter page, click Next.

Configure From the Available Properties list, select which properties to use for filtering your
properties. query, and the appropriate values for each.
Run the query. Click Run.
Save the query. 1 To view the Save Query page, click Save.

2 Type a name for the query, add any notes, and select a group.

3 Click Save.

4 Create a report.

McAfee Client Proxy 2.3.1 Product Guide 15


For Windows and Mac OS
2
Deploying Client Proxy
View end-user installation data

Option Definition
Select a query. 1 Click the Report tab, then select Actions | New.
The Report Builder opens with the Report Layout view active.
2 From the Toolbox menu, select Query Chart, and drag it to the Report Layout area.
The Configure Query Chart dialog box appears.
3 From the Query drop-down list, select MCP: Endpoint Install Success/Failed events in last
month.
4 Configure the remaining query options, then click OK.

Customize the 1 In the Name, Description and Group tab, type a name, description, and which group
report. to use.
2 Use the Header and Footer and Page Setup tabs to specify how you want the query to
appear in the report.
3 Use the Runtime Parameters tab to select report‑level filters.

Generate the Click Run.


report. You can choose to run the report to get the information immediately, save to use
it another time, or configure its appearance further by adding additional content.

16 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
3 Managing Client Proxy policies

In the McAfee ePO management console, you configure and manage Client Proxy policies.

Contents
Users and permission sets
Configuring the policy areas
Assign the policy to the endpoint computers
Export the policy to an .xml or .opg file
Policy Catalog

Users and permission sets


We recommend creating specific administrator roles and permissions in McAfee ePO for the Client
Proxy catalog administrator.
McAfee ePO defines roles and permissions in terms of Permission Sets. A default permission set installed
with the product, MCP Catalog Admin, gives the Client Proxy administrator view and change permissions
for policies and certain Common Catalog items and actions. You can also assign an auditor role by
adding view permission to one of the existing reviewer permission sets, or by creating a new
permission set. You assign users to permission sets using Active Directory.

Configuring the policy areas


Client Proxy policy configuration includes these areas: the proxy servers list, client configuration, the
bypass list, and the block list.

McAfee Client Proxy 2.3.1 Product Guide 17


For Windows and Mac OS
3
Managing Client Proxy policies
Configuring the policy areas

Tasks
• How Client Proxy manages the proxy server list on page 18
When configuring proxy servers for a Client Proxy policy, consider how Client Proxy
manages the proxy server list.
• Configure the proxy server list on page 18
To redirect network traffic to a proxy server, configure the proxy server list.
• Client configuration on page 19
Client Proxy uses the Client Configuration settings to identify the customer and determine
whether endpoint computers are located inside or outside the network.
• Configure the client settings on page 20
Configure the settings that Client Proxy uses to identify the customer and determine
whether end-user computers are located inside or outside the network.
• Configure the bypass list on page 20
Configure the McAfee Common Catalog instance that Client Proxy uses to determine which
®

network traffic is allowed to bypass the proxy server.


• Configure the block list on page 21
Configure the list of processes running on endpoint computers that are blocked from
accessing the network.

How Client Proxy manages the proxy server list


When configuring proxy servers for a Client Proxy policy, consider how Client Proxy manages the proxy
server list.
The Client Proxy software maintains an ordered list of proxy servers, with the proxy server having the
fastest response time placed at the top of the list. The software updates the list from time to time.

For example, the list is updated when the end user starts the computer, the VPN connection breaks, a
proxy server fails to respond, or the Client Proxy policy changes. At these times, the software tests the
connections to all proxy servers and reorders the list based on response times.

If redirection to the proxy server at the top of the list fails, the software tries redirecting to the second
proxy server in the list. At the same time, the software tests the proxy server connections again and
updates the proxy server list.

When configuring how the Client Proxy software selects the next proxy server from the list, you have
these options:
• connect to the first accessible Proxy Server based on their order in the list below — The software selects the next
proxy server from the list that you configure.

• connect to the Proxy Server that has the fastest response time — The software selects the next proxy server from
the list that it maintains, which is based on response time.

Configure the proxy server list


To redirect network traffic to a proxy server, configure the proxy server list.
When Client Proxy is deployed on-premise, you configure one or more Web Gateway appliances
installed on your network as the proxy servers.

To save the policy, you must configure at least one proxy server, and the configuration must include an
IP address or host name and a port number.

18 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
3
Managing Client Proxy policies
Configuring the policy areas

Task
1 From the management console menu, select Policy | Policy Catalog.

2 From the Product drop-down list, select the current version of McAfee Client Proxy.

3 To configure a policy, click the policy's name.

4 From the Client Proxy Settings menu, select Proxy Servers.

5 In the Proxy Server List, select how Client Proxy connects to the proxy servers from these options:
• connect to the first accessible Proxy Server based on their order in the list below

• connect to the Proxy Server which has the fastest response time

6 Add proxy servers to the Proxy Server List:


a In the Proxy Server Address field, enter the IP address or host name of the proxy server.

b In the Proxy Port field, enter the port number of the proxy server.

c To redirect HTTP/HTTPS requests to the proxy server, select the HTTP/HTTPS checkbox.
Client Proxy redirects all requests going to ports 80 and 443.

d To redirect requests going to ports using protocols other than HTTP/HTTPS, specify the port
numbers in this field: Non-HTTP/HTTPS Redirected Ports.
Use this setting to redirect traffic that uses a transfer protocol other than HTTP/HTTPS. Verify
that the proxy server supports the protocol.

e Click Add.

The IP address or host name is added to the Proxy Server List.

Using the icons in the Actions column, you can edit, delete, or change the order of the proxy servers
in the list.

7 To redirect requests going to ports other than 80 or 443 using the HTTP/HTTPS protocol, specify
the port numbers in this field: Specify additional ports that you would like to redirect as HTTP/HTTPS traffic.
Use this setting to redirect traffic that is going to an application, for example, instead of a web
browser.

8 To redirect all requests, including requests going to local addresses inside your organization's
network, deselect the Bypass proxy server for local addresses checkbox.
By default, Client Proxy does not redirect requests going to local addresses. To redirect all requests
to the proxy server, you can override the default setting.

Client configuration
Client Proxy uses the Client Configuration settings to identify the customer and determine whether
endpoint computers are located inside or outside the network.
• Customer Identifier — Client Proxy uses the customer ID and shared password to identify the customer
and apply the customer's policy.

• Traffic Redirection Settings — Client Proxy uses this setting to determine when to redirect network traffic
to the configured proxy servers.

• Corporate Network Detection — Client Proxy uses this setting to determine whether the endpoint
computer is located inside or outside the network.

McAfee Client Proxy 2.3.1 Product Guide 19


For Windows and Mac OS
3
Managing Client Proxy policies
Configuring the policy areas

• Corporate VPN Detection — Client Proxy uses this setting to determine whether the endpoint computer is
connected to the network through the VPN.

• Active Directory Groups Filter — Client Proxy uses the regular expressions that you configure to filter the
list of Active Directory groups included sent to the proxy server.

• Log File Settings (OS X Only) — Depending on this setting, Client Proxy logs error messages to a log file
on each endpoint computer.

• Access Protection (Windows Only) — Depending on this setting, Client Proxy is protected from
unauthorized removal or tampering by end users.

Configure the client settings


Configure the settings that Client Proxy uses to identify the customer and determine whether end-user
computers are located inside or outside the network.

Task
1 From the management console menu, select Policy | Policy Catalog.

2 From the Product drop-down list, select the current version of McAfee Client Proxy.

3 To configure a policy, click the policy's name.

4 From the Client Proxy Settings menu, select Client Configuration.

5 In the Customer Identifier section, click Browse, select the ID file, then click Open.
This file is provided by the Web Gateway or McAfee WGCS administrator.

The Unique Customer ID and Shared Password fields are automatically populated.

6 Configure the remaining options.

Configure the bypass list


®
Configure the McAfee Common Catalog instance that Client Proxy uses to determine which network
traffic is allowed to bypass the proxy server.
Each Client Proxy policy has a Common Catalog instance associated with it. The catalog is a list that
you configure and that Client Proxy uses to determine which network traffic bypasses the proxy server.

The bypass list can include domain names, network addresses, network ports, and the names of
processes that endpoint computers are allowed to access directly. Updating the bypass list in McAfee
ePO also updates the Common Catalog instance associated with the policy.

Process names can be in Microsoft Windows format (test.exe) or Mac OS X format (test).

Task
1 From the management console menu, select Policy | Policy Catalog.

2 From the Product drop-down list, select the current version of McAfee Client Proxy.

3 To configure a policy, click the policy's name.

4 From the Client Proxy Settings menu, select Bypass List.

5 In the Bypass List window: From the Actions menu, select Add bypass list item, then select an item type.

The Choose from existing values dialog box opens.

20 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
3
Managing Client Proxy policies
Assign the policy to the endpoint computers

6 Do one of the following:


• Select one or more existing catalog items.

• Click New Item, enter the new information, then click Save.

7 Click OK.

Configure the block list


Configure the list of processes running on endpoint computers that are blocked from accessing the
network.
Each Client Proxy policy has a list of blocked processes associated with it. The block list is designed to
reduce the amount of unwanted traffic that is redirected to the proxy server for filtering. Occasionally,
the block list can restrict access to Internet resources, where the restriction was not intended.

Task
1 From the management console menu, select Policy | Policy Catalog.

2 From the Product drop-down list, select the current version of McAfee Client Proxy.

3 To configure a policy, click the policy's name.

4 From the Client Proxy Settings menu, select Block List.

5 Select an option:
• Allow traffic to go directly to destination — No processes are blocked.

• Block traffic for all processes (except bypass listed processes) — All processes are blocked except for
processes whose names are on the bypass list. These processes are allowed to access the
network directly.

• Block traffic only for the following processes — To configure the list of processes that you want blocked,
enter the process names, clicking Add after each entry.

Windows process names must end with the .exe extension. Mac process names can be specified
without the extension.

6 Click Save.

Assign the policy to the endpoint computers


Using McAfee ePO, assign the Client Proxy policy to specified endpoint computers in your
organization's network.

Task
1 From the management console menu, select Systems | System Tree.

2 From the System Tree menu, select a group or subgroup.

3 Click the Assigned Policies tab.

4 From the Product drop-down list, select the current version of McAfee Client Proxy.

5 In the Actions column, click Edit Assignment.

The Policy Assignment for My Organization window appears.

McAfee Client Proxy 2.3.1 Product Guide 21


For Windows and Mac OS
3
Managing Client Proxy policies
Export the policy to an .xml or .opg file

6 Next to Inherit from, select Break inheritance and assign the policy and settings below.

7 From the Assigned policy drop-down list, select the policy.

8 Choose whether or not to lock policy inheritance.

9 Click Save.

Assign a Client Task to schedule the policy deployment to the endpoints.

Export the policy to an .xml or .opg file


You can export the Client Proxy policy to an .xml file for troubleshooting or to an .opg file for import
by client computers in your organization.

Task
1 From the management console menu, select Policy | Policy Catalog.

2 From the Product drop-down list, select the current version of McAfee Client Proxy.

3 To export a policy, click the policy's name.

The Client Proxy Settings pane opens.

4 From the Actions drop-down list, select Export Policy to File.

The Export Policy to File dialog box opens.

5 Click a link:
• McAfee Client Proxy Policy Server File — Exports the policy to a .xml file that you can use for
troubleshooting.

• McAfee Client Proxy Policy Client File — Exports the policy to a .opg file that can be imported by client
computers in your organization.

6 Save the file.

7 Click OK.

Policy Catalog
On the McAfee Client Proxy page of the Policy Catalog, you can create, import, export, rename, duplicate,
delete, view, and edit policies.

The Client Proxy policy named McAfee Default is read only. It can be duplicated and saved with a new
name, but it cannot be renamed, deleted, exported, or edited.

Table 3-1 Client Proxy policy options


Option Definition
New Policy When clicked, opens the Create a new policy dialog box, where you can select an existing
policy to use as a template for a new policy and specify a name.
Import When clicked, opens the Import Policies dialog box, where you can browse for the .xml file
that has the policy you want to import.

22 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
3
Managing Client Proxy policies
Policy Catalog

Table 3-1 Client Proxy policy options (continued)


Option Definition
Export When clicked, opens the Export page, where you have these options:
• Click the link — Opens a new tab in your web browser, where you can view the policy in
XML format.
• Right-click the link, then select Save Link As, choose a folder, and optionally update the
file name — Downloads the policy to an .xml file.
Default file name: Policies_For_McAfee_Client_Proxy_<x.y.z>.xml
<x.y.z> specifies the version number of Client Proxy.

Name Clicking this link opens the policy settings, which you can edit and save.
Owner Clicking this link opens a list of users and groups, where you can select the policy owners
and save any changes.
Assignments Clicking this link opens the list of nodes, to which the policy is assigned.
Actions • Rename — When clicked, opens the Rename Policy dialog box, where you specify a new
name for the policy.
• Duplicate — When clicked, opens the Duplicate Existing Policy dialog box, where you specify a
name for the new policy that is based on an existing policy.
• Delete — When clicked, opens the Delete Policy dialog box, where you confirm that you
want to delete the policy.
• Export — When clicked, opens the same page as the Export button.

McAfee Client Proxy 2.3.1 Product Guide 23


For Windows and Mac OS
3
Managing Client Proxy policies
Policy Catalog

24 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
4 Maintaining Client Proxy

You can upgrade or remove the Client Proxy software, install a hotfix release, and support end users.

Contents
Upgrade the Client Proxy software
Install a hotfix release
Uninstall the Client Proxy software
Working with end users

Upgrade the Client Proxy software


Download the latest Client Proxy software, install the extension, check in the client package, and
deploy the client software to the end-user computers.

Task
1 Download the latest versions of the Client Proxy software.
a Go to the McAfee Content & Cloud Security Portal.

b Enter your user name and password, then click Login.

c Select Software | McAfee Web Gateway | Tools | McAfee Client Proxy.

d Select and save the appropriate .zip file.

Client Proxy also supports McAfee ePO Software Manager.

2 Install the extension software.


a From the management console menu, select Software | Extensions.

b Click Install Extension.

c Click Browse to locate the Client Proxy .zip file, click Open, then click OK.

The Install Package window appears.

d Click OK.

e Verify that the extension is installed, and select Menu | Software | Extensions.

3 Check in the client package.


a Select Actions | Check in Package.
The Check in Package window appears.

McAfee Client Proxy 2.3.1 Product Guide 25


For Windows and Mac OS
4
Maintaining Client Proxy
Install a hotfix release

b Select the package type, then click Browse.

c Choose the Client Proxy .zip file you downloaded earlier, then click Open.

McAfee Client Proxy appears in the Packages in Master Repository list.

4 Deploy the client software to the end-user computers.


a Select Menu | Systems | System Tree.

b From the System Tree list, select the subgroup level to deploy Client Proxy endpoint software.

c Click the Assigned Client Tasks tab.

d From the Actions menu, select New Client Task Assignment.

e Configure the Client Task Assignment Builder options.

f Click Create New Task.

g Configure the Product Deployment options.

h Click Save.

i Click Next.

j From the Schedule type drop-down list, select Run immediately, then click Next.

k Review the task summary, then click Save.

The Client Proxy software runs immediately on the endpoint computers without restarting.

Install a hotfix release


Occasionally, McAfee releases a Client Proxy hotfix to address issues with the product.
If the hotfix includes release notes, follow the instructions in the release notes when installing the
hotfix. If the hotfix does not include release notes, follow these steps.

Task
1 Go to the McAfee Content & Cloud Security Portal.

2 Enter your user name and password, then click Login.

3 Select Software | McAfee Web Gateway | Tools | McAfee Client Proxy.

4 Select and save the hotfix installation file for your operating system.

5 Run the hotfix installation file.

6 Follow the on-screen prompts to complete the installation.

Uninstall the Client Proxy software


To fully uninstall the Client Proxy software, remove the extension and package from McAfee ePO and
then remove the software from the administrator operating system.

26 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
4
Maintaining Client Proxy
Working with end users

Remove the extension software


Using McAfee ePO, remove the Client Proxy extension software.

Task
1 From the management console menu, select Software | Extensions.

2 From the Extensions list, select McAfee Client Proxy.

3 Click Remove.

Remove the client software package


Using McAfee ePO, remove the Client Proxy software from the computers of end users in your
organization.

Task
1 From the management console menu, select Systems | System Tree.

2 Select the organizational level to which you want the remove action applied.

Selecting My Organization selects all computers managed by McAfee ePO.

3 Click the Assigned Client Tasks tab.

4 From the Actions drop-down list, select New Client Task Assignment.

5 In the Client Task Assignment Builder, configure the following options in the order shown, then click Create
New Task:
• Product — Select McAfee Agent.

• Task Type — Select Product Deployment.

6 In the New Task window, configure the following options, then click Save:
• Task Name — Specify a name for the task.

• Description — (Optional) Describe the task.

• Target platforms — Select Windows.

• Products and components — From the drop-down list, select the version of McAfee Client Proxy that
you want to remove from the endpoint computers, then from the Action drop-down list, select
Remove.

Working with end users


End users can view information about Client Proxy on their computers or temporarily suspend policy
®
enforcement by contacting a McAfee Help Desk administrator.

McAfee Client Proxy 2.3.1 Product Guide 27


For Windows and Mac OS
4
Maintaining Client Proxy
Working with end users

View information about Client Proxy on a Windows-based


computer
On an endpoint computer running Windows, you can view information about the Client Proxy software,
policy, and status.

Task
1 On a Windows-based computer, click Start | All Programs | McAfee, then click About McAfee Client Proxy.

2 In the McAfee Client Proxy window, you can view the following information:
• Version Number — Specifies the version and build number of the Client Proxy software installed on
the endpoint computer.

• Active Proxy — Specifies the address of the proxy server to which Client Proxy is redirecting traffic.

• Connection Status — Specifies whether the endpoint computer is connected to the network.

• EspMode — Specifies whether Client Proxy is installed and running on the Endpoint Solution
Platform.

• Policy Name — Specifies the name of the policy that Client Proxy is applying.

• Policy Revision — Specifies the revision number of the policy that Client Proxy is applying.

• Policy Timestamp — Specifies the time when the Client Proxy policy was deployed to the endpoint
computer.

• Status — Specifies whether Client Proxy is working in active or passive mode.

3 To close the window, click Ok.

View information about Client Proxy on an OS X computer


On an endpoint computer running OS X, you can view information about the Client Proxy software,
policy, and status.

Task
1 On an OS X computer, click the McAfee menulet and select About McAfee Endpoint Protection for Mac.

In the Client Proxy section, the following information is displayed:


• Client Proxy version and build number • Policy modified date

• Policy name • Proxy server

• Policy revision

2 Verify that you are connected to the proxy server: From the menulet, select the dashboard.

This message is displayed: Client Proxy: Redirecting.

Suspending policy enforcement


End users can request permission to access or transfer sensitive information for a limited time.
Occasionally, there is a legitimate business reason to temporarily suspend the security policy so that
sensitive information can be accessed or transferred. Client Proxy uses a challenge-response
mechanism to perform this function.

28 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
4
Maintaining Client Proxy
Working with end users

The end user sends a request to an administrator, including the policy revision number and
®
identification code displayed in the Enter Release Code dialog box. Using this information and the McAfee
Help Desk software, the administrator creates a release code and then sends it to the end user.

The release code is valid for a limited time, and the time allowed for policy suspension is limited as
well. Thus, the end user must enter the release code in the dialog box and complete the task that
requires policy suspension before the allowed time period expires.

Best practice: Removing the software from endpoint computers


Client Proxy software cannot be removed from endpoint computers without authorization. Usually, the
administrator uninstalls the software using McAfee ePO.

If McAfee ePO is not available and the endpoint computer is running Windows, the administrator can
uninstall the software using the Windows Add or Remove Programs tool. In this case, the
administrator uses the challenge-response mechanism to generate the release key.

Generate a release code


To temporarily suspend policy enforcement on endpoint computers, users request a bypass release
code from a Client Proxy administrator. Using Help Desk software, administrators create a release code
and send it to the end user.

Task
1 To request a bypass release code on an endpoint computer, do one of the following:
• On Mac OS X computers: From the McAfee menulet on the status bar, select McAfee Endpoint
Protection for Mac Preferences, then select Client Proxy.

• On computers running Windows: Click Start | All Programs | McAfee, then click Bypass McAfee Client
Proxy.

The McAfee Client Proxy Enter Release Code dialog box opens.

While you are waiting for the administrator to send the release code, leave this dialog box open. If
you close it, you must start the procedure over.

2 Copy the number in the Policy Revision field and the code in the Identification field, send these values to
your administrator, and include your user name and email address.

3 When your administrator sends the release code, enter the code in the Release field, then do one of
the following:
• On Mac OS X computers: Click Release.

• On computers running Windows: Click OK.

Policy enforcement is suspended for the time period specified by the administrator when creating the
code.

McAfee Client Proxy 2.3.1 Product Guide 29


For Windows and Mac OS
4
Maintaining Client Proxy
Working with end users

30 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
Index

A client software (continued)


viewing the number of successful installations 14
about this guide 5
client software package
access protection 20
removing 27
Windows 19
Common Catalog 20
Active Directory
conventions and icons used in this guide 5
groups filter 19
corporate network and VPN detection 19
Active Directory groups 20
corporate network detection 20
authentication tokens 9
corporate VPN detection 20
authentication version 9
customer ID 9, 19, 20
B
D
block list
deployment options 9
configuring 21
documentation
bypass list
audience for this guide 5
configuring 20
product-specific, finding 6
typographical conventions and icons 5
C
challenge-response mechanism 28
E
client computers
Endpoint Solution Platform 10
requirements 11
EspMode 10
client configuration 19
extension software
Client Proxy
installing 12
assigning a policy 21
removing 27
checking in the client software 13
how the software works 8
integrated with Endpoint Security 10 H
managing the proxy server list 18 hardware
metadata 9 requirements on client computers 11
policies 22 hotfix release
server and client software 9 installing 26
Client Proxy software hybrid solution 7
deploying to clients running Mac OS X 14
deploying to clients running Windows 13 I
removing from endpoint computers 28
installation
uninstalling 26
product files 12
upgrading 25
IP addresses
Client Proxy, about
client and original destination 9
viewing on a Windows-based computer 28
viewing on an OS X computer 28
client settings
L
configuring 20 log file settings 20
client software OS X 19
Client Proxy 13

McAfee Client Proxy 2.3.1 Product Guide 31


For Windows and Mac OS
Index

M R
Master Repository release codes
McAfee ePO 13 generating 29
McAfee ePO reports
Master Repository 13 generating in McAfee ePO 14
McAfee ServicePortal, accessing 6
McAfee WGCS S
configuring as the proxy server 18
ServicePortal, finding product documentation 6
metadata
shared password 19
Client Proxy 9

T
O
technical support, finding product information 6
operating systems traffic redirection 20
supported on client computers 11 traffic redirection settings 19

P U
permission sets 17 user groups 9
policies user ID 9
Client Proxy 21, 22
exporting to an .xml or .opg file 22 W
suspending 28 Web Control 10
policy areas Web Gateway appliances
configuring 17 configuring as proxy servers 18
Policy Catalog Web Protection
Client Proxy page 22 hybrid solution 7
processes
blocking 21
proxy server list
configuring 18
how Client Proxy manages 18

Q
queries
creating in McAfee ePO 14

32 McAfee Client Proxy 2.3.1 Product Guide


For Windows and Mac OS
00