McAfee errors part2

Hello again, I have a server that is configured with McAfee VS Ent. 7.1 and ePo 3.5.  My server d/l the updates and pushes it to the machines however, I see machines that are in my ePo Lost and Found and under my Domain that are listed but not checked green.  Is there a way to update my ePo to show all the machines checked green in the domain and Lost and found in ePo?  Why are they not checked green?

Also, go2dave showed me the path and ports for the HTTP and FTP sites, how do I add my server path to the repository update?  When I try and view the server path on a known good machine using admin rights, I am unable to see the path although its using the server as a primary repository.

Thanks-
lazikAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

younghvCommented:
lazik,
Just a couple of 'general' comments.
If you have the ePO 'Agent' installed on your boxes, they should be 'pulling' the updates down - not being pushed by the server.
Lost and Found boxes - when you check the 'Properties' to make sure they actually have the Agent loaded?
Usually, no checkmark = no Agent.
The ePO server will scan your network looking for all hosts and report back anything it 'sees' out there.
I used to have a "Push Agent" folder that was configured to "Force Install" the Agent on any box that I moved into it.
The whole Repository path/console piece can be covered by someone (Dave or legalsr) who has actually seen one recently - but it won't be that difficult.

More later.

Vic
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
go2daveCommented:
lazik,
Sorry I haven't respnded sooner I have been busy with other issues.
The checkmark being absent is an indicator of the agent not being installed.
You may also have duplicate objects and one will have the check and one will not. If so remove the duplicate.
You can right click on the object send choose agent install as well.
Afterwards you need to right click and send agent wakeup call to get it to display.
It will take some time to display the checkmark.
Also after you do the above steps right click on the object and choose server events.
This log will tell whether the agent install was successful or not.







0
younghvCommented:
One of the frequent problems I had with ePO Agents was when an Admin would change the local host name - without changing it in ePO.
Sometimes, the name as shown in ePO will NOT be the actual host name.

You can also do an ePO 'Search for Duplicates' that will frequently show two versions of the same host. One in the proper folder (with the checkmark) and one in 'Lost and Found' (with no checkmark).

Vic
0
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

lazikAuthor Commented:
Thanks Vic and go2dave, The agent installed failed on each machine I tried. And I have 84 duplicates. alot of the machines are only receiving the updates from the mcafee site (now that you showed me the config) and not the server here on my domain, when I try and edit my server name to see what path to type in to the repository list, it reads Enabled Read only.   I think I need to add my server to the repository list, what do I type in?  Even with admin rights I am unable to view/edit this.


0
lazikAuthor Commented:
Duplicates gone.
0
go2daveCommented:
lazik,
Try this from Mcafee's KBASE
It has you export the repository list and do a manual install of the agent pointing to the correct list.
When you do the manual install specify the path you used in the export process.


Log on to the ePO console.
Click Repository, Software Repositories.
In the right pane at the top of the page, click Export repository list.
When the Export repository list wizard appears, click Next at the first screen.
Type the path where you want to save the repository list, or click Browse to select a location, then click Next.
Click Finish to export the repository list (SiteList.xml) to the location you specified.
Click Close.
To enable the agent to use the repository list exported, locate the default framepkg.exe on the ePO server and run it with the following commands on the client computer:

framepkg.exe /install=agent /SITEINFO=<drive>:\<path>\SiteList.xml
Locations of the default FramePkg.exe:
ePO3.x
...\ePO\3.x.x\DB\Software\Current\EPOAGENT3000\Install\0409\

Dave
0
go2daveCommented:
lazik,

I would try what I suggested on a test machine first.
Sorry I meant to include that in the last post.


Dave
0
lazikAuthor Commented:
Thanks dave, I'm able to export the list to my desktop with no problem however, I am a bit confused on the framepkg.exe.  

Do I need the ePo service installed on all my machines to receive the updates from mcafee?  How do I config my server path to the clients so that they are receiving the updates?  Several of the machines are using the mcafee sites for the repository updates, will this populate in ePo and have those machines checked with the green mark?  I am still unable to send the agent install also.
Thanks for your help thus far.
0
lazikAuthor Commented:
Well I suppose my workstation has the ePo so I connect to the server that has the VS Ent installed on.  I will answer my own question and say No...the client workstations do not need ePo installed.
After looking at two different workstations that are current on the DAT files, one is receiving the update directly from the McAfee website that (go2dave) showed me how to configure and the other is/was already set to my server and reciving the update-both are in the domain container in ePo and both are unchecked and the agent install fails on both.  Also, I have machines that are no longer on the network that are checked green, I suppose I could simply delet these.

Any additional help will be greatly appreciated- Thanks
0
younghvCommented:
lazik,
Every computer on your domain MUST have the ePO agent installed and checking in with the ePO server.
That is the most critical piece of an ePO installation - every computer you have.
If you can't 'push' the install to the local machine, you can log onto them locally (or remotely) and 'pull' the framepkg file down from the server.

Your server should be configured to function as the primary 'Repository' of the DAT files.
If the local Agent cannot pull the update from the ePO server, it should be configured to jump to alternate sites (as mentioned above).

I used to configure ePO to dump any computer (that had not checked in with the ePO server for 30 days) into an 'Inactive' folder.
I would check this folder daily to find out why the computer had stopped checking in.

The 'Reporting' and 'Search' functions is critical to managing ePO and you need to become familar with how to use both of those tools.

Vic
0
lazikAuthor Commented:
Thanks Vic, but why do machines have the most current DAT file from the ePo server from my domain and no ePo agent installed?  Or perhaps I'm totally lost on this??  If the machine (s) is configured to receive the DAT file from my ePo server with no ePo agent installed and no green check and unable to receive the agent...what is the issue?

How do I pull the framepkg file down from the server once I'm remotely logged into a machine?

Thanks for the info....again.
0
younghvCommented:
The basic McAfee app will run updates anywhere it can - but if it is using the Internet to do it, you are wasting band-width -- plus your ePO server is not keeping track of the action.

The 'Reporting' function is critical to knowing what is going on with your AV protection.
I used to run the report for 'Current' DAT files the first thing every morning.
I wanted to know (1) if any box on my domains had not checked in overnight, and (2) what percentage of total boxes had the latest DAT files (98-99% is minimally acceptable).

As far as the 'framepkg' - all you have to do is 'share' the folder it is in on your ePO server.
Then from the remote computer, navigate the UNC path \\ePO_Server\Agent_Share and run the install.
There is a 'force' command of some sort (I forget details) that will help.

Also - we made great use of the "psexec" tool from SysInternals to do all of the remote work.

More later - have to run.

Vic
0
lazikAuthor Commented:
Maybe I should start from the begining of this task as I see it...I should first begin and make sure all the machines are configured to update from my local ePo server so I am not wasting bandwidth,  I have too many machines receiving the DAT file from the mcafee web site and not my server.  When I am logged onto a box what do I type in for my domain ePo server under the repository list?  I know go2dave helped with the HTTP/FTP sites however, I think  I should have all the boxes set to my ePo server as the primary repository and use the HTTP/FTP as backups.  Do you agree?  I'm sure I misunderstood something earlier.
WOW Thanks again for helping me to understand all this.
0
younghvCommented:
lazik,
I was lucky in that McAfee sent field Technicians to help with each of my startups.
When you have a pro like that with you for a couple of days, all of this stuff gets taken care of up front.

Definitely all boxes should look to the server for their dat updates first.
If they can't hit the server for any reason, you can set up a 'SuperAgent' (something like that) on a box at remote WAN sites.
Third on the list of 'update sites' is the HTTP/FTP sites.

I used to spend a lot of time at the McAfee FAQ site reading through the posts.
You will see a wide range of users there - from absolute rookies to some stone pros on all of this.
https://knowledge.mcafee.com/SupportSite/supportcentral/supportcentral.do?id=m1

When Dave checks back in, he can fill in some of the blanks. As I mentioned, I'm retired now and trying to do all of this from memory.

Vic
0
go2daveCommented:
lazik,
Sorry, I have been extremely busy this week and unable to check mail til now
(one of the downsides of  being an independent consultant is the unpredictable work flow)

I agree with Vic completely on all points.
I would make sure each workstation has the agent installed and proceed from there.
Make sure to use the agent from your EPO server using the send agent install from the console.
If you are unable to push the agent you can install it on the workstation(s) using the command in my previous post.

The workstations need the agent installed to report in to the EPO server.
They use the default autoupdate configuration to get their own dats if they do not have the agent installed as they are unaware of the Repository, EPO server, or Sitelist.xml.

You do want the EPO server to pull the updates and for the workstations to pull from it to save bandwidth, depending on the number of workstations they can use a considerable amount.
When you install the agent it has the EPO server information and credentials embedded in the installer. This is how the agents know where the EPO server is and what policies apply to them.

I also agree with the reporting as it is a great asset to help locate workstations not updating, client versions, infected workstations, as well as many other things.

I attended Mcafee's Total Intranet Defense Training 2 years ago in Orlando and it was really detailed and helpful. It covered Virusscan Enterprise 8.x and EPO server and all of the configuration and management aspects. I highly recommend it to anyone new to the products.  
Here is the link to the training https://mcafee.edu.netexam.com/CatalogItem.asp?ID=2786

I know this was long winded but let me know if I can be of further assistance,

Dave




0
lazikAuthor Commented:
I'm not sure what to say... you two Experts just walked me through the config/operations and greatly increased my control/security and confidence of this network, Thank you very much.  Lazik
0
younghvCommented:
Lazik,
Thank you for the point split (but I think Dave did the heavy lifting).

There are a couple of guys around here (Dave and Si) who can really make ePO sit up and bark.
Come on back in here when you need more - and - check in at the McAfee site for the discussions.

Vic
0
go2daveCommented:
lazik,
Glad to hear we were able to assist and thanks for the points.
I regret that I had not participated on this site earlier.
I will check more often for EPO/VSCAN issues to see if I can help.
Please do come back if you need anything else.

P.S. Thanks for the vote of confidence Vic I really appreciate it.


Dave
0
younghvCommented:
@ Dave -
Check out this link on the 'Filter' process - that will help you sort through the thousands of posts here.
The new 'look' of the site had me flummoxed for a while until I figured the filter out.

http://www.experts-exchange.com/Community_Support/General/Q_22388928.html?sfQueryTermInfo=1+ee+filter+new

Vic
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.