Openfiler Follies

25 02 2011

Over the past couple weeks I have been working tirelessly on building my new ESX 4.1 environment.  My goal is to have multiple servers and workstations running so I can use McAfee MOVE and MOVE AV.

Due to a lack of financial backing for this project I was unable to purchase a “real” SAN.  So I went with an open source option called Openfiler.

Great tool and all, but I learned very quickly. 

1.  Back up your configuration file.  I rebooted my server and lost the entire configuration.  Thus my entire 500 Gb volume was lost.

2.  When installing the Openfiler OS, let it delete all partitions from all hard drives.  I chose to partition manually and found out that this process does not reformat the hard drives.  In the end there were GPT volumes left behind and they locked my drives in the RAID.  The RAID appeared as 100% full and I couldn’t remove the data.

3.  When you need help, Google it.  I found some great forums out there and they helped a lot.

http://www.linuxquestions.org/questions/linux-general-1/cant-get-rid-of-gpt-disk-label-729209/





EndPoint Encryption 6.0 With Agent Handlers

14 07 2010

When pushing EndPoint Encryption to a machine on a LAN everything works just fine.  When pushing to a machine in the DMZ that checks into an Agent Handler in the DMZ the Endpoint Encryption Software stops working.

From what I can see thus far, the EEPC software uses a separate data channel 5555 to send data to the ePO 4.5 Server.  ePO 4.5 Server uses 5556 to communicate back to the agent.  I cannot figure out why ePO won't automatically redirect the traffic to the Agent Handler in the DMZ since the ePO server is obviously out of reach from the DMZ agents.

The EEPC software itself installs, but when the policy is enabled to encrypt the drive or boot sector (either / or) the agent log starts posting two lines: “Sending the next batch of 1 data channel items” and a second line “Agent failed to communicate with the ePO Server”.

The agent is in fact running an ASCI, but it is not sending the EEPC data on the 5555 data channel.  The EEPC Agent only tries to resolve the ePO server by name and IP address.  It is not configured to be aware of the AH IP address(es).

-J





How to remove Trend Micro

6 05 2010

I recently learned that McAfee made a little mistake on VirusScan 8.7 Patch 3.  In this patch McAfee forgot to include the removal piece for Trend Micro products.  If you need to go about removing any Trend Micro products you need to manually remove them or request a copy of VirusScan 8.7 Patch 2 from McAfee Support.  The Patch 2 version has the correct configuration to stop Trend services and remove the products.

It is important to know that password protection must be turned off on the Trend products or else the removal will fail.

Trust me, the manual removal of a Trend product is lengthy and difficult.  Use VirusScan 8.7 Patch 2 to do the work for you.

-J





False positive detection of w32/wecorl.a in 5958 DAT

22 04 2010
Corporate KnowledgeBase ID: KB68780
Published: April 21, 2010

Environment

For details of all supported operating systems, see KB51109

Summary

McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file that was released on April 21, 2010.

Background

For more background regarding the cause of this error, please see McAfee Response to DAT Version 5958 False Positive Error.

Problem

DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010.

Solution

The issue is resolved in the 5959 DAT file release (April 21, 2010), which is available from the McAfee Security Updates page at:

http://www.mcafee.com/apps/downloads/security_updates/dat.asp?region=us&segment=enterprise

NOTE: Posting of the 5959 DAT file is currently in progress. It may take several hours for the new DAT file to replicate out to all McAfee download servers.

IMPORTANT: If you are already affected by this issue, you must still either replace or restore svchost.exe.  McAfee is continuing to work on an automated solution to fully resolve the issue for affected customers.

Please watch for updates on this issue, which will be sent on a timely basis through Support Notification Service (SNS) and Platinum Proactive notifications.

To subscribe to SNS, visit http://my.mcafee.com/content/SNS_Subscription_Center.

This article will be updated as additional information becomes available.

Recommended Manual Recovery Procedure using the Extra DAT where DAT 5958 is currently installed

  1. Locate the extra.dat from here and unzip
  2. Boot in safe mode with “Network Option“ enabled
  3. Copy Extra DAT into c:\program files\commonfiles\mcafee\engine
  4. If svchost.exe exists in (c:\windows\system32) and is not a “0“ byte file, skip to step 5
  5. If svchost.exe deleted,  Pull up the VSE console and open “Quarantine manager“

Click on the detection and select “Restore“

1)      If the VSE console does not come up:
C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone
This will pull up the VSE console. Click on the detection and select “Restore“

2)      If steps  4 and 4.1 do not work OR if svchost.exe is “0“ bytes:

  1. When possible Copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present c:\windows\system32\dllcache\svchost.exe
  2. Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same OS) from external media (USB, CD etc.)

If  “paste“ is grayed out, use the following commands:

Start -> run -> cmd

Run the following command “copy from to [destination\folder]”

Example:  copy x:\svchost.exe c:\windows\system32

  1. Reboot in normal mode
  2. Use the product update to update to 5959
  3. Delete the Extra DAT file in c:\program files\commonfiles\mcafee\engine

Alternate Manual Recovery Procedure using DAT 5959 where DAT 5958 is currently installed

  1. Boot in safe mode with “Network Option” enabled
  2. If svchost.exe not deleted (look in c:\windows\system32\svchost.exe) and is not 0 byte then network connection should be possible – skip to step 5
  3. If svchost.exe deleted or if it is “0” bytes, then network connection may not be possible
  4. If svchost.exe deleted, pull up the VSE console and open “Quarantine manager”

Click on the detection and select restore

1)      If the VSE console does not come up:

C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone

This will pull up the VSE console

2)      If steps 4 and 4.1 do not work OR svchost.exe is “0” bytes:

  a. When possible Copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present c:\windows\system32\dllcache\svchost.exe
  b. Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same OS) from external media (USB, CD etc.)

If “paste“ is grayed out, use the following commands:

Start -> run -> cmd

Run the following command “copy from to [destination\folder]”

Example:  copy x:\svchost.exe c:\windows\system32

  1. Download the 5959 SuperDAT from here
  2. Run the SuperDAT program
  3. Reboot in normal mode

Related Information

Threat Center (McAfee Avert Labs) http://www.mcafee.com/us/threat_center/
Search the Threat Library http://vil.nai.com/
Submit a virus sample https://www.webimmune.net/default.asp
Security updates and DAT files http://www.mcafee.com/apps/downloads/security_updates/dat.asp?region=us&segment=enterprise

For additional information about EXTRA.DAT files, see KB68759.

To deploy the EXTRA.DAT via ePO 4.0 (KB52977)

Step 1 – Check in the EXTRA.DAT

NOTES:

  • You cannot check in packages while any pull or replication tasks are in progress.
  • If your environment requires testing new packages before deploying them, McAfee recommends using the Evaluation branch. After you finish testing the packages, you can move them to the Current branch on the Software, Master Repository tab.
  1. Log on to the ePO 4.0 console. To open a remote console through Internet Explorer type one of the URLs below in your browser:
    https://<servername>:8443
    https://<ipaddress_of_server>:8443
  2. Click the Software, Master Repository tabs.
  3. Click Check In Package.
  4. Select extra.DAT.
  5. Click Browse and locate the downloaded extra.DAT, then click Open.
  6. Click Next. Information is displayed about the Extra.DAT you are about to add to the repository.
  7. Click Next.
  8. Select the branch where you want to add the extra.DAT. The default branch is Current.
  9. Click Save. The Extra.DAT will now be listed under Packages in the Master Repository list on the Master Repository page.
  10. Run a Repository Replication task to distribute the Extra.DAT file out to all distributed or remote repositories.

Step 2 – Deploy the EXTRA.DAT

  1. Create a new ePolicy Orchestrator Agent Update task, and set the schedule to Run Immediately.
  2. Perform an Agent Wakeup call to send the new Update task to your clients and apply the extra.DAT.
     NOTE: If you prefer, you can reschedule an existing ePO Agent update task to deploy the extra.DAT.

To deploy the EXTRA.DAT via ePO 4.5 (KB67602)

Step 1 – Check in the EXTRA.DAT

NOTES:

  • You cannot check in packages while any pull or replication tasks are running.
  • If your environment requires testing new packages before deploying them, McAfee recommends using the Evaluation branch. After you finish testing the packages, move them to the Current branch on the Software, Master Repository tab.
  1. Log on to the ePO 4.5 console. To open a remote console through Internet Explorer, type one of the URLs below in your browser:
    https://<servername>:8443
    https://<ipaddress_of_server>:8443
  2. Click Menu, Software, Master Repository.
  3. Click Actions and select Check In Package.
  4. Select extra.DAT.
  5. Click Browse and locate the EXTRA.DAT, then click Open.
  6. Click Next. Information is displayed about the extra.DAT you are about to add to the repository.
  7. Click Next.
  8. Select the branch where you want to add the extra.DAT. The default branch is Current.
  9. Click Save. The extra.DAT will now be listed under Packages in the Master Repository list on the Master Repository page.
  10. If you have distributed repositories, run a Repository Replication task to distribute the extra.DAT to all Distributed or Remote repositories.

Step 2 – Deploy the extra.DAT

  1. Create a new ePolicy Orchestrator Agent Update task, and set the schedule to Run Immediately.
  2. Perform an Agent Wakeup call to send the new Update task to your clients and apply the extra.DAT.
     NOTE: If you prefer, you can reschedule an existing ePO Agent update task to deploy the extra.DAT.




Managing Mac OS X McAfee Agents

22 04 2010

Installing the McAfee Agent 4.x (Unmanaged)

How to install the unmanaged agent

  1. Download the MA package locally to the machine in a temporary directory
  • Unzip the package.
  • Locate the file with the .dmg extension (ex. MFEcma.dmg)
  • Double click the file and follow the wizard to complete the installation.
  • To verify the installation check to see if the following directory exists:
    • /Library/McAfee/cma

Note:  The use of an unmanaged agent is generally for machines that are set up by desktop support and will need to be managed by ePO later.  For information on how to manage the system see the next section.  In addition, Mac OS X server provides a feature called System Imaging.  With this tool administrators can create system images with software installed such as the McAfee 4.x Unmanaged Agent.  Administrators can set up new machines with images faster and the McAfee Agent 4.x can be managed after the system is imaged.  This is done to avoid duplicate GUIDs.  For more information about Mac OS X server tools visit http://www.apple.com/server/macosx/features/client-management.html.


Enabling an Unmanaged Agent

Take control of unmanaged agents with ePO

  1. An unmanaged agent is essentially an operating agent that is missing the necessary information to communicate to the ePO server.  The agent needs the SiteList and the Public Keys and initial Request Keys to check into ePO.  These files can be copied to the unmanaged machine from the ePO server using the following steps:

·     /opt/McAfee/cma/bin/msaconfig -m -d <path of location containing srpubkey.bin, regseckey.bin, and sitelist.xml> [-nostart]

·     It is recommended to copy the srpubkey.bin, regseckey.bin, and SiteList.xml from the ePO server to a shared folder or directly to the local machine.  These files can be found on the ePO server in <drive>\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install409\

Installing the McAfee Agent 4.x (Managed)

How to install a managed agent

  1. In many instances an agent is installed on a machine in managed mode.  In order to setup a managed agent the administrator will need to ensure the McAfee Agent 4.x package and extension are checked into the ePO server master repository.

·     Download the McAfee Agent package (ex. MA450MAC.zip)

·     Download the McAfee Agent extension package (ex. Epoagentmeta.zip)

·     Log in to the ePO console

·     Check in the two packages to the master repository

  1. Click Menu | Software | Master Repository
  2. Select Actions | Check In Package at the bottom left of the screen
  3. Leave the default Package Type selected Product or Update (.ZIP)
  4. Click the Browse button and navigate to the agent package (ex. MA450MAC.zip)
  5. Follow the on screen options to complete the check in process
  6. When the package check in is complete click Menu | Software | Extensions
  7. Select Install Extension from the bottom left of the screen
  8. Click the Browse button and navigate to the agent extension package (ex. Epoagentmeta.zip)
  9. Follow the on screen options to complete the check in process
  10. Once the McAfee Agent 4.x is fully checked into the ePO server the install file is ready.

·     Copy the install file locally to the Mac or to a shared drive that can be accessed from the Mac.  The install file can be found on the ePO server.

  1. <drive>\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install409\install.sh

·     Note:  The path shown above is for the McAfee Agent 4.5.  The path for the 4.0 agent will be in a different EPOAGENT3xxxMACX directory

·     After the file is copied to the shared drive or locally it is ready to use for the installation

·     Open the terminal on the Mac and type the following in the same directory where install.sh is stored

  1. chmod +x install.sh (this adds execute mode to the file)
  2. sudo ./install.sh -i (this runs the install using the -i switch)

·     When the installation completes wait 5-10 minutes for the agent to check into ePO.  It will most likely be found in the Lost & found group unless sorting is turned on.  If the machine does not populate in the ePO system tree after 10-15 minutes restart the machine if possible.

  1. If a machine has the McAfee Agent 4.0 and needs to be manually upgraded to 4.5 perform the following:

·     Copy the install file locally to the Mac or to a shared drive that can be accessed from the Mac.  The install file can be found on the ePO server.

  1. <drive>\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install409\install.sh

·     After the file is copied to the shared drive or locally it is ready to use for the installation

·     Open the terminal on the Mac and type the following in the same directory where install.sh is stored

  1. chmod +x install.sh (this adds execute mode to the file)
  2. sudo ./install.sh -u (this runs the upgrade using the -u switch)

Removing the McAfee Agent 4.x

How to remove an agent via the ePO console (managed)

  1. Once the environment is established and the majority of the systems are managed by ePO, removal is done via the ePO console.

·     To remove the agent using the ePO console perform the following steps:

  1. Click Menu | System Tree
  2. Select the system(s) from the system tree
  3. Select Actions | Directory Management | Delete
  4. A delete message will appear asking to Remove the Agent
  5. Select the check box and click Ok
  6. The next time the McAfee Agent checks into the ePO server or Agent Handler it will then perform the uninstall

How to remove an agent using terminal (managed or unmanaged)

  1. In some instances removing the agent on a machine is not possible from the ePO console.  This usually occurs when the machine is not connected to the network or when the Agent is having issues connecting to the ePO server.

·     To remove the agent using the terminal perform the following steps:

  1. Log on to the machine or SSH to the machine
  2. Open terminal (Shell Prompt)
  3. Change to the McAfee directory /Library/McAfee/cma
  4. Type sudo ./uninstall.sh
  5. Wait for the script to display “Agent uninstalled”

Installing products via the McAfee Agent 4.x

How to install McAfee Security for Mac via the ePO console

  1. McAfee Security for Mac – AV can be installed via the agent from the ePO server.

·     Before the software can be deployed it is necessary to check in the two packages to the master repository.  Download the software package so that it can be checked into the Master Repository.  The McAfee Security for Mac software is tricky so it is important to follow the next steps exactly.

  1. Unzip MSMAntimalware10LML.zip
  2. Locate and unzip ePO Component that is found inside the unzipped directory MSMAntimalware10LML
  3. Click Menu | Software | Master Repository
  4. Select Actions | Check In Package at the bottom left of the screen
  5. Leave the default Package Type selected Product or Update (.ZIP)
  6. Click the Browse button and navigate to the agent package (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Deployment Packages/McAfee Security for Mac-Anti-malware-1.0-RTW-ePO-676.zip)
  7. Follow the on screen options to complete the check in process
  8. When the package check in is complete click Menu | Software | Extensions
  9. Select Install Extension from the bottom left of the screen
  10. Click the Browse button and navigate to the agent extension package (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Extensions/McAfee Security for Mac-1.0-Anti-malware.zip)
  11. Follow the on screen options to complete the check in process
  12. Click the Browse button again and navigate to the agent reports extension package (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Extensions/McAfee Security for Mac-1.0-Reports.zip)
  13. Follow the on screen options to complete the check in process

·     After checking the software into the Master Repository the product is ready to deploy

  1. Log into the ePO Console
  2. Select Menu | System Tree
  3. Choose the Group or subgroup from the system tree where the task should be created
  4. Under the My Organization field select the Client Tasks tab
  5. Click New Task at the bottom of the screen
  6. Name the task and enter any necessary notes then choose Product Deployment from the drop down menu then select Next.
  7. On the configuration page select Mac for the Target Platform
  8. Choose McAfee Security for Mac – AV 1.0.xxx from the drop down menu
  9. Ensure that Install is selected for the action type then select Next
  10. At the Schedule section make the desired selections then click Next then Save
  11. Wait for the systems to check into ePO or issue a Wake Up call for them to pull down the new task

How to remove McAfee Security for Mac via the ePO console

  1. The most common way to remove software is through the ePO console.

·     To remove the agent using ePO perform the following steps:

  1. Log into the ePO Console
  2. Select Menu | System Tree
  3. Choose the Group or subgroup from the system tree where the task should be created
  4. Under the My Organization field select the Client Tasks tab
  5. Click New Task at the bottom of the screen
  6. Name the task and enter any necessary notes then choose Product Deployment from the drop down menu then select Next.
  7. On the configuration page select Mac for the Target Platform
  8. Choose McAfee Security for Mac – AV 1.0.xxx from the drop down menu
  9. Ensure that Remove is selected for the action type then select Next

Wait for the systems to check into ePO or issue a Wake Up call for them to pull down the new task





ePO 4.5 Server Services

22 04 2010

ePolicy Orchestrator Server Services

Prerequisites

  • ePO 4.5 must be up and running

Description of the ePO Services

McAfee ePolicy Orchestrator 4.5.0 Server

  • The Server Service is responsible for running the Apache Server.  Apache is used by the ePO server and Agent Handlers to accept client communications.  Amongst many tasks Apache checks the digital signature for all incoming communication packets from managed clients.  Clients communicate with Apache by using a proprietary protocol called SPIPE.  The data transferred over SPIPE is encrypted using TLS.  Apache also stores new policies and tasks in the Apache Cache. McAfee Agents check the Apache Cache for any policy or task changes.  Because Apache interfaces with each individual client it is responsible for tag management, group assignment, and agent sorting.
  • Once the Apache Server has inspected all packets, completed agent management and system assignment, and passed on policies and/or tasks, it is responsible for passing all packets of data from the McAfee Agents to the Event Parser.

McAfee ePolicy Orchestrator 4.5.0 Event Parser

  • The Event Parser is used by the ePO server and Agent Handlers along with the Apache Server.  The Event Parser is responsible for examining all incoming events to the ePO server and Agent Handlers.  Once packets of data are sent from the Apache Server, the Event Parser is responsible for normalizing events.  After normalization the Event Parser determines if the event(s) is critical or normal. If an event is categorized as critical it will then pass a command to the Application Server to create a notification.
  • All events are standardized by the Event Parser using a Common Event Format.  This helps to format all the fields for event records in the database.  Point products send events using a table called “ePOEvents” so that the events can be stored properly.  Events are stored in the database through the Data Access Layer (DAL) using an Active X Object connection called ADO.

McAfee ePolicy Orchestrator 4.5.0 Application Server

  • The Application Server Service runs Tomcat.  Tomcat runs the console user interface.  The Application Server Service only runs on the ePO Server.  This is the most distinguishable difference between ePO Servers and Agent Handlers.  All ePO servers have a user interface / console to log into.  Agent Handlers do not have any interface for management.  They are installed and run the Apache Server and Event Parser only.
  • The Application Server (Tomcat) is also responsible for all extension management and user management.  Extensions are Point Product packages that are added to the system to allow users to manage policies, create reports, tags, and deploy software via the ePO console.  In addition to system management and configuration users can log into the ePO Console and run reports.  The ePO server uses a Structured Query User Interface (SQUID) to run reports directly from the SQL DB.

Stopping, Starting, and Restarting ePO Services

Whenever issues arise, or for any other reason, the services can be stopped, restarted, or (if they are not running) started via the Windows Operating System Services console.

  • Click Start | Administrative Tools | Services and locate the ePO Services
  • When Stopping the services it is important to stop them in the following order:
    • McAfee ePolicy Orchestrator 4.5.0 Server
    • McAfee ePolicy Orchestrator 4.5.0 Event Parser
    • McAfee ePolicy Orchestrator 4.5.0 Application Server
  • When Starting the services it is important to start them in the following order:
    • McAfee ePolicy Orchestrator 4.5.0 Application Server
    • McAfee ePolicy Orchestrator 4.5.0 Event Parser
    • McAfee ePolicy Orchestrator 4.5.0 Server
  • When Restarting the services they can be independently restarted.
    • Note: Generally the only service that will need to be restarted on occasion is the Application Server that runs Tomcat. The most common sign that the Application Server needs to be restarted is a series of error messages found when attempting to log into the web console.
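
The stop and start order above, scripted so that each service settles before the next one is touched. This is an added example, not part of the original post or of McAfee's tooling; the display names come from the list above, while the function names and the 120-second timeout are assumptions.

```powershell
# Added example: ordered stop/start of the three ePO 4.5 services.
# Run from an elevated PowerShell prompt on the ePO server.
$ErrorActionPreference = 'Stop'

# Stop order as documented above; the start order is its reverse.
$StopOrder = @(
    'McAfee ePolicy Orchestrator 4.5.0 Server',
    'McAfee ePolicy Orchestrator 4.5.0 Event Parser',
    'McAfee ePolicy Orchestrator 4.5.0 Application Server'
)
$StartOrder = @($StopOrder[2], $StopOrder[1], $StopOrder[0])
$Timeout    = [TimeSpan]::FromSeconds(120)   # assumed per-service limit

function Set-EpoServiceState {
    param(
        [string[]]$DisplayNames,
        [ValidateSet('Running', 'Stopped')][string]$Target
    )
    foreach ($name in $DisplayNames) {
        # Fails here if the display name does not exist on this host.
        $svc = Get-Service -DisplayName $name
        if ($svc.Status -ne $Target) {
            if ($Target -eq 'Stopped') { Stop-Service  -InputObject $svc }
            else                       { Start-Service -InputObject $svc }
            # Wait for this service before moving on to the next one;
            # WaitForStatus throws if the timeout expires.
            $svc.WaitForStatus($Target, $Timeout)
        }
        Write-Host ("{0,-55} {1}" -f $name, $Target)
    }
}

function Stop-EpoServices  { Set-EpoServiceState -DisplayNames $StopOrder  -Target Stopped }
function Start-EpoServices { Set-EpoServiceState -DisplayNames $StartOrder -Target Running }

# Full restart in the documented order:
#   Stop-EpoServices; Start-EpoServices
```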




Duplicate Agent GUIDs

22 04 2010

McAfee Agent GUID Management

Prerequisites

  • ePO must be up and running
  • The administrator must have a working knowledge of ePO
  • The McAfee Agent must be installed on the machine

Before Capturing an Image

Delete the Agent GUID and MAC address keys

  1. Open Registry Editor
  • Click Start | Run and type Regedit
  • Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent]
  • Right-Click MacAddress and select Delete
  • Right-Click AgentGUID and select Delete
  2. Shut down the OS immediately after performing Step 1 so that the Agent does not check into the ePO server and create a new Agent GUID.

Finish the Image Process:

  • Capture the image with the image software (Ghost, Acronis, Altiris, etc.)
  • Push the image out to the computers that are to be imaged
  • Start the computers and run any tools necessary to rename them.
  • The McAfee Framework Service will start and check in with the ePO server
    • A new AgentGUID key is created
    • A new MacAddress key is created
    • The ePO database is updated and the system tree is populated


More Information about the Agent GUID

The McAfee Agent Global Unique Identifier is created when the agent is installed on a machine.  The GUID is specific to McAfee and cannot be changed by renaming the machine or running any tools such as SYSPREP.  If a machine is cloned and the registry keys referenced above are not removed the database will be populated with duplicate GUIDs for different machine names.  The data in the database is then falsified because it is not populated with the correct machine properties in the database tables.

Live Systems with Duplicate GUIDs

In the event that machines are already in the environment and possibly have duplicate GUIDs perform the following steps depending on the ePO Server Version.

ePO 4.0 Agents

  1. Open Registry Editor
  • Click Start | Run and type Regedit
  • Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent]
  • Right-Click MacAddress and select Delete
  • Right-Click AgentGUID and select Delete
  2. Restart the machine so that the Agent checks into the ePO server and creates a new Agent GUID.
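
The registry steps above, and the matching steps under "Before Capturing an Image", as one PowerShell function that backs up the key first and then either powers off (image) or restarts (live system). This is an added example, not part of the original post or of McAfee's tooling; the function name, the backup path and the Wow6432Node key for a 32-bit agent on 64-bit Windows are assumptions.

```powershell
# Added example: clear the McAfee Agent identity values.
# Run from an elevated PowerShell prompt on the machine being fixed.
$ErrorActionPreference = 'Stop'

$AgentKeys = @(
    'HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent',
    # Assumption: location used by a 32-bit agent on 64-bit Windows.
    'HKLM:\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent'
)
$IdentityValues = @('AgentGUID', 'MacAddress')
$BackupDir      = 'C:\Temp\agent-key-backup'   # placeholder path

function Reset-AgentIdentity {
    param(
        # Image: power off so the agent cannot check in before capture.
        # Live:  restart so the agent checks in and creates a new GUID.
        [Parameter(Mandatory = $true)]
        [ValidateSet('Image', 'Live')]
        [string]$Mode
    )

    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $removed = @()

    foreach ($key in $AgentKeys) {
        if (-not (Test-Path -Path $key)) { continue }

        # Export the key before touching it (reg.exe wants HKLM\..., not HKLM:\...).
        $view = if ($key -like '*Wow6432Node*') { 'wow64' } else { 'native' }
        $file = Join-Path $BackupDir "agent-$view-$stamp.reg"
        & reg.exe export ($key -replace '^HKLM:', 'HKLM') $file | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Registry backup failed for $key" }

        # Delete only the two identity values, and only if they exist.
        $present = (Get-Item -Path $key).GetValueNames()
        foreach ($name in $IdentityValues) {
            if ($present -contains $name) {
                Remove-ItemProperty -Path $key -Name $name
                $removed += "$key\$name"
            }
        }
    }

    if ($removed.Count -eq 0) {
        Write-Warning 'No AgentGUID or MacAddress values found; nothing changed.'
        return
    }
    $removed | ForEach-Object { Write-Host "Deleted $_" }

    if ($Mode -eq 'Image') { Stop-Computer -Force }
    else                   { Restart-Computer -Force }
}

# Master image, right before capture:     Reset-AgentIdentity -Mode Image
# Live ePO 4.0 agent with a shared GUID:  Reset-AgentIdentity -Mode Live
```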

ePO 4.5 Agents

  1. Log into ePO via IE or Firefox
  • Select Menu | Automation | Server Tasks
  • Select Run on the task named Delete Agent GUID – remove systems with potentially duplicated GUIDs
  • Select Run on the task named Duplicate Agent GUID – clear error count
  • Issue a wakeup call to all the systems so that they check in and create new GUIDs if necessary.

Important: Before modifying the registry, back it up in the event that a problem occurs.  For more information about how to back up, restore, and edit the registry, see http://support.microsoft.com/kb/256986/EN-US/

Notes: Matching GUID and / or MAC address values affect the process used when computers check in, preventing properties from being recorded correctly and prohibiting enforcement.  If machines appear and then disappear from the System Tree, there is a great possibility that they have the same AgentGUID as another managed machine.

Related Knowledgebase Articles:

8078252: Understanding how the Agent GUID is used by the ePolicy Orchestrator Server

KB43846: Rogue System Detection responds to managed machines as rogue

KB45372: Unable to see both nodes of a cluster in the ePO directory because of duplicate MAC address issues.





Patch One with Agent Handlers

22 04 2010

Patch one for McAfee was released this past month and comes with one little surprise.

If you plan to install an agent handler in your environment make sure to install using Patch 1 or it will not be able to connect to the ePO server.  Also if you have an existing ePO server that you update to Patch 1 make sure to update all Agent Handlers to Patch 1 as well.

-JT





ePO 4.5 News

22 04 2010

Just learned some interesting facts about ePO 4.5.

McAfee will no longer support the change of name for the ePO 4.5 server.  It will break the security certificates for the user log on and the Orion certificates that the agents use to check into ePO using TLS.

-JT





ePolicy Orchestrator

22 04 2010

Centralized management of your security suite from McAfee.  This is dream software for anybody that wants to have the utmost control of their security suite.  Where else are you able to manage all your machines' software installs, policies for each piece of software, report on events, and send notifications?  It may very well be the best SRM tool out there.  I know I drank some of the Kool Aid here at McAfee and really push some of what the company trends towards.  Whatever the trend may be I still practice what I preach, and like any good minister I believe in what I do regardless of the company input.  I honestly can say that I feel our products perform at a world class level without comparison.  Most of the greatness found in McAfee stems from ePolicy Orchestrator.

Installation is easy and in most environments can be done quickly.  I do recommend having a person with experience assist in the architectural design, but as far as installing the software it's a snap.

-JT