Cisco® CallManager runs on a Windows2000 server. An important administrative task for server management is antivirus software. Enterprise tools such as ePolicy Orchestrator from McAfee have been developed to ensure antivirus software is effective across an entire enterprise. These tools can inventory, audit, and bring into compliance machines across an enterprise. Cisco Systems® has supported McAfee antivirus software running co-resident on Cisco CallManager for some time. Cisco now supports McAfee ePolicy Orchestrator agent running on Cisco CallManager servers.
This document outlines the procedures to configure McAfee ePolicy Orchestrator (ePO) 3.5 and McAfee 8.0i on a Cisco CallManager Media Convergence Server (MCS). This document assumes ePO agent and McAfee are installed on the Cisco CallManager server and that ePolicy Orchestrator is installed on a separate machine.
The high-level steps for setting up the ePO server and workstation policies for the Cisco CallManager servers follow:
1. Disable ScriptScan.
2. Disable Trace File Scanning.
3. Disable Scanning for Windows Protected Files.
4. Disable Heuristics Scanning.
The high-level steps for scheduling a reoccurring scan of a Cisco CallManager server follow:
1. Disable Inheriting of policies.
2. Set the scan to run during off-peak hours.
3. Exclude Trace File Scanning.
4. Exclude scanning of Windows Protected Files.
5. Disable Heuristics Scanning and set the maximum system usage to 10 percent.
If these steps are not followed correctly, system performance and call-processing capabilities could be impacted.
EPO CONFIGURATION
The following steps modify the policy configuration with ePO (Figure 1).
1. Open ePO and log in.
2. Expand Directory, Lost&Found, and the Server Group.
3. Select the Cisco CallManager server.
4. In the right window pane, select the Policies tab and Expand the VirusScan Enterprise 8.0 Policy group.
Figure 1. ePolicy Orchestrator 3.5
5. Select On-Access General Policies. The window pane shown in Figure 2 will refresh with Configuration Options.
6. In the Settings for: drop-down menu, select Server.
7. Select the Script Scan tab from the Configuration Choices menu.
8. In the Script Scan tab, uncheck Inherit and then uncheck the Enable ScriptScan check box.
Figure 2. VirusScan Enterprise 8.0 Server Settings
9. Repeat this process for the Workstation selection in the Settings for: drop-down menu.
10. Next, Click on On-Access Default Processes Policies.
11. Select Server in the Settings for: drop-down menu.
12. Click on the Detection tab.
13. Uncheck the Inherit check box and click on the Exclusions button.
Figure 3. Default Detection Properties
14. The files and folders shown in Figure 4 should be excluded from On-Access scanning.
Figure 4. Scan Exclude List
15. To add the files and folders, Click the Add button and type the text shown in Figure 5, clicking OK after each addition. Also exclude all Windows protected files as in Figure 6. Be sure to check the Exclude Subfolders check box.
Figure 5. Trace Files Exclusion
Figure 6. Windows Protected Files Exclusion
16. Next click the Advanced tab. Uncheck Inherit and any boxes that are checked so it looks like the window shown in Figure 7.
Figure 7. Advanced Tab
17. Click Apply to write the changes.
18. Repeat steps 13-18 for the Workstation selection in the Settings for: drop-down menu.
SYSTEM SCAN CONFIGURATION
The following steps are used if a system scan will be scheduled in ePO:
1. Select the Cisco CallManager server in the left pane, and then select the Tasks tab in the right window pane.
2. Right click in the Task pane and choose Schedule Task...
3. Name the scan task and choose VirusScan Enterprise 8.0 On-Demand Scan from the selections (Figure 8) and Click OK.
Figure 8. Scheduling System Scans
4. Uncheck the Inherit check box and check the Enable check box to enable this task (Figure 9).
Figure 9. Schedule Settings
5. Click on the Schedule tab.
6. Uncheck the Inherit check box. Set the scan to run at off-peak hours so it does not negatively impact Cisco CallManager performance (Figure 10).
Figure 10. Scan Schedule
7. Click Apply.
8. Click on the Task tab again and select Settings.
9. Next, click on the Detection tab and uncheck Inherit.
10. Click on the Exclusions button and set the Exclusions outlined in step 16.
11. Click on the Advanced tab.
12. Figure 11 shows the default settings.
Figure 11. Default Settings
13. Change the Default setting to appear as Figure 12. and click OK.
Figure 12. Scheduled Scan Default Settings
14. Click Apply, and then OK to save the changes to the task.
Figure 13 is a screenshot of the processes loaded on the Cisco CallManager server when using ePO agent and McAfee Antivirus. Seven new processes are added to the Cisco CallManager server.
