This article explains how to configure the SCP policy file when SCP is deployed without ePolicy Orchestrator (ePO).
NOTE: You must configure and save the SCP policy in the Control Console before you download and deploy it to users' systems.
To create the policy, perform the following steps:
- Log on to the Control Console with Admin rights.
- Select Web Protection, Policies and under McAfee client proxy policies, click New.
- Click the Details tab and do the following:
- Type the Name and Description for the new policy.
- Select Prevent the McAfee Client Proxy from being stopped or uninstalled. By selecting this option, SCP protects itself against tampering. This option prevents end users from uninstalling, deleting, renaming, or killing the SCP process.
- Click Save.
- Click the Proxy Servers tab. The default proxy server is pre-populated specifically for you, using your closest locations to the Trellix data center. To add more proxy servers:
- Click New.
- Type the required details for Proxy Server Address and Port, and then select the SSL setting.
- Specify Additional Ports to be redirected (optional).
- Select the Internal Network option to allow users to bypass the proxy servers when accessing internal sites (optional).
- Click Save.
NOTES:
- You must have at least one proxy configured; otherwise, users' web requests would have unrestricted access to the web.
- When a web request comes in, it looks at the first proxy, and if this proxy can't process it, it goes to the second proxy, and so on.
- There's no way to reorder the proxy servers when you configure multiple proxies on the proxy server page.
- To re-order proxy addresses, delete one or more of the proxies and add new proxies in the order you want.
- Click the Bypass List tab and do the following:
NOTE: This list is used to reduce system overhead.
- Select New to add a list of safe locations by Domain name, Executable Name, IP address (CIDR), or Port Number.
- After selecting the location above, type the required value.
Example of a Classless Inter-Domain Routing (CIDR) IP address: 192.0.2.0/24
- Click Save.
- Click the Block list tab and do the following:
NOTE: This list is to stop users from accessing applications on the web. The web request stops at the client level and no further processing is done.
- Click New, and type the Executable Name.
Example: itunes.exe
- Click Save.
- Click the Corporate Detection tab and do the following:
NOTE: Corporate Detection is disabled by default.
- Select Enable only if you use an internal web filtering appliance and SaaS Web Protection. If you do not have an internal web filtering appliance, route all your web traffic through SaaS Web Protection Service and leave this option disabled.
- Click Save.
You can now download and deploy the SCP policy file to users' systems.