McAfee’s low-end AV management tool shines

We take a quick look at McAfee Security’s ProtectionPilot 1.0 management console.

Beagle. NetSky. Sasser. Three viruses, all wreaking havoc in one month’s time. Anti-virus software is no longer just an option – it’s a requirement.

Everyone with a computer connected to a network, especially those running a Windows operating system, must run an anti-virus program to protect against these attacks. But anti-virus companies traditionally have been a bit lax in providing adequate management wares to help IT control these products on a wide scale.

We took a quick look at McAfee Security’s ProtectionPilot 1.0 management console. While this software can manage only up to 500 machines in its current state, it was a simple, intuitive approach to anti-virus management that has features we hope to see bubble up to more wide-scale AV management wares.

ProtectionPilot is used for all anti-virus management across all Windows machines, including deployment, reporting and profile configuration. One key default configuration set with this product is the concept of update checks. By default, the central server checks for new signature updates from McAfee, and the clients check the central server for new signature updates every hour.

The dashboard, viewable immediately after launching the console and authenticating yourself, provides all the information an anti-virus manager needs to see with one glance: time of last signature update, the anti-virus update status of all registered computers and the number of viruses found with the actions taken (for example deleted, quarantined or cleaned). One nice feature is that this screen (and any other) has a printer-friendly view, perfect for management-compliance reports.

Deploying anti-virus software to any computer on a network is as simple as following the steps of a deployment wizard. Machines also can be categorized according to existing Active Directory groups or custom groups defined by an administrator. If a remote client needs an immediate signature update, the process is as simple as selecting the Update button. You can update all registered computers with one click of the mouse.

Once computer groups are created, each group can run a different client policy. Configurable options include the ability to disable the start-up splash screen, the icon displaying in the system tray, on-access file scan, quarantine location and alert manager. The only option we could not find to configure was the ability to remove the program from the Add/ Remove Programs list or require a password for un-install to prevent users from removing the software from their systems.

One issue in this release is the inability to remotely manage files placed in quarantine so you can remove virus files from a system without having to physically touch that system or connect through different steps, such as connecting over a Windows file share.

According to McAfee, it is looking at this functionality for a future release. In the meantime, the company recommends setting a central quarantine location on the network and administering the files from this shared location.

ProtectionPilot also includes the ability to define alert options using the Alert Manager component of the product. With Alert Manager, administrators can receive pages, e-mails, pop-ups or SNMP traps when a virus file is detected.

McAfee does not supply any hooks from ProtectionPilot 1.0 to its enterprise anti-virus product, ePO 3.0. However, the company says there will be an upgrade path based on the same agent software when it rolls out ePO 3.5 later this year.