Solved

McAfee errors part2

Posted on 2007-04-01
19
1,112 Views
Last Modified: 2013-11-22
Hello again, I have a server that is configured with McAfee VS Ent. 7.1 and ePo 3.5.  My server d/l the updates and pushes it to the machines however, I see machines that are in my ePo Lost and Found and under my Domain that are listed but not checked green.  Is there a way to update my ePo to show all the machines checked green in the domain and Lost and found in ePo?  Why are they not checked green?

Also, go2dave showed me the path and ports for the HTTP and FTP sites, how do I add my server path to the repository update?  When I try and view the server path on a known good machine using admin rights, I am unable to see the path although its using the server as a primary repository.

Thanks-
0
Comment
Question by:lazik
  • 7
  • 7
  • 5
19 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 250 total points
Comment Utility
lazik,
Just a couple of 'general' comments.
If you have the ePO 'Agent' installed on your boxes, they should be 'pulling' the updates down - not being pushed by the server.
Lost and Found boxes - when you check the 'Properties' to make sure they actually have the Agent loaded?
Usually, no checkmark = no Agent.
The ePO server will scan your network looking for all hosts and report back anything it 'sees' out there.
I used to have a "Push Agent" folder that was configured to "Force Install" the Agent on any box that I moved into it.
The whole Repository path/console piece can be covered by someone (Dave or legalsr) who has actually seen one recently - but it won't be that difficult.

More later.

Vic
0
 
LVL 2

Expert Comment

by:go2dave
Comment Utility
lazik,
Sorry I haven't respnded sooner I have been busy with other issues.
The checkmark being absent is an indicator of the agent not being installed.
You may also have duplicate objects and one will have the check and one will not. If so remove the duplicate.
You can right click on the object send choose agent install as well.
Afterwards you need to right click and send agent wakeup call to get it to display.
It will take some time to display the checkmark.
Also after you do the above steps right click on the object and choose server events.
This log will tell whether the agent install was successful or not.







0
 
LVL 38

Expert Comment

by:younghv
Comment Utility
One of the frequent problems I had with ePO Agents was when an Admin would change the local host name - without changing it in ePO.
Sometimes, the name as shown in ePO will NOT be the actual host name.

You can also do an ePO 'Search for Duplicates' that will frequently show two versions of the same host. One in the proper folder (with the checkmark) and one in 'Lost and Found' (with no checkmark).

Vic
0
 

Author Comment

by:lazik
Comment Utility
Thanks Vic and go2dave, The agent installed failed on each machine I tried. And I have 84 duplicates. alot of the machines are only receiving the updates from the mcafee site (now that you showed me the config) and not the server here on my domain, when I try and edit my server name to see what path to type in to the repository list, it reads Enabled Read only.   I think I need to add my server to the repository list, what do I type in?  Even with admin rights I am unable to view/edit this.


0
 

Author Comment

by:lazik
Comment Utility
Duplicates gone.
0
 
LVL 2

Expert Comment

by:go2dave
Comment Utility
lazik,
Try this from Mcafee's KBASE
It has you export the repository list and do a manual install of the agent pointing to the correct list.
When you do the manual install specify the path you used in the export process.


Log on to the ePO console.
Click Repository, Software Repositories.
In the right pane at the top of the page, click Export repository list.
When the Export repository list wizard appears, click Next at the first screen.
Type the path where you want to save the repository list, or click Browse to select a location, then click Next.
Click Finish to export the repository list (SiteList.xml) to the location you specified.
Click Close.
To enable the agent to use the repository list exported, locate the default framepkg.exe on the ePO server and run it with the following commands on the client computer:

framepkg.exe /install=agent /SITEINFO=<drive>:\<path>\SiteList.xml
Locations of the default FramePkg.exe:
ePO3.x
...\ePO\3.x.x\DB\Software\Current\EPOAGENT3000\Install\0409\

Dave
0
 
LVL 2

Expert Comment

by:go2dave
Comment Utility
lazik,

I would try what I suggested on a test machine first.
Sorry I meant to include that in the last post.


Dave
0
 

Author Comment

by:lazik
Comment Utility
Thanks dave, I'm able to export the list to my desktop with no problem however, I am a bit confused on the framepkg.exe.  

Do I need the ePo service installed on all my machines to receive the updates from mcafee?  How do I config my server path to the clients so that they are receiving the updates?  Several of the machines are using the mcafee sites for the repository updates, will this populate in ePo and have those machines checked with the green mark?  I am still unable to send the agent install also.
Thanks for your help thus far.
0
 

Author Comment

by:lazik
Comment Utility
Well I suppose my workstation has the ePo so I connect to the server that has the VS Ent installed on.  I will answer my own question and say No...the client workstations do not need ePo installed.
After looking at two different workstations that are current on the DAT files, one is receiving the update directly from the McAfee website that (go2dave) showed me how to configure and the other is/was already set to my server and reciving the update-both are in the domain container in ePo and both are unchecked and the agent install fails on both.  Also, I have machines that are no longer on the network that are checked green, I suppose I could simply delet these.

Any additional help will be greatly appreciated- Thanks
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 38

Expert Comment

by:younghv
Comment Utility
lazik,
Every computer on your domain MUST have the ePO agent installed and checking in with the ePO server.
That is the most critical piece of an ePO installation - every computer you have.
If you can't 'push' the install to the local machine, you can log onto them locally (or remotely) and 'pull' the framepkg file down from the server.

Your server should be configured to function as the primary 'Repository' of the DAT files.
If the local Agent cannot pull the update from the ePO server, it should be configured to jump to alternate sites (as mentioned above).

I used to configure ePO to dump any computer (that had not checked in with the ePO server for 30 days) into an 'Inactive' folder.
I would check this folder daily to find out why the computer had stopped checking in.

The 'Reporting' and 'Search' functions is critical to managing ePO and you need to become familar with how to use both of those tools.

Vic
0
 

Author Comment

by:lazik
Comment Utility
Thanks Vic, but why do machines have the most current DAT file from the ePo server from my domain and no ePo agent installed?  Or perhaps I'm totally lost on this??  If the machine (s) is configured to receive the DAT file from my ePo server with no ePo agent installed and no green check and unable to receive the agent...what is the issue?

How do I pull the framepkg file down from the server once I'm remotely logged into a machine?

Thanks for the info....again.
0
 
LVL 38

Expert Comment

by:younghv
Comment Utility
The basic McAfee app will run updates anywhere it can - but if it is using the Internet to do it, you are wasting band-width -- plus your ePO server is not keeping track of the action.

The 'Reporting' function is critical to knowing what is going on with your AV protection.
I used to run the report for 'Current' DAT files the first thing every morning.
I wanted to know (1) if any box on my domains had not checked in overnight, and (2) what percentage of total boxes had the latest DAT files (98-99% is minimally acceptable).

As far as the 'framepkg' - all you have to do is 'share' the folder it is in on your ePO server.
Then from the remote computer, navigate the UNC path \\ePO_Server\Agent_Share and run the install.
There is a 'force' command of some sort (I forget details) that will help.

Also - we made great use of the "psexec" tool from SysInternals to do all of the remote work.

More later - have to run.

Vic
0
 

Author Comment

by:lazik
Comment Utility
Maybe I should start from the begining of this task as I see it...I should first begin and make sure all the machines are configured to update from my local ePo server so I am not wasting bandwidth,  I have too many machines receiving the DAT file from the mcafee web site and not my server.  When I am logged onto a box what do I type in for my domain ePo server under the repository list?  I know go2dave helped with the HTTP/FTP sites however, I think  I should have all the boxes set to my ePo server as the primary repository and use the HTTP/FTP as backups.  Do you agree?  I'm sure I misunderstood something earlier.
WOW Thanks again for helping me to understand all this.
0
 
LVL 38

Expert Comment

by:younghv
Comment Utility
lazik,
I was lucky in that McAfee sent field Technicians to help with each of my startups.
When you have a pro like that with you for a couple of days, all of this stuff gets taken care of up front.

Definitely all boxes should look to the server for their dat updates first.
If they can't hit the server for any reason, you can set up a 'SuperAgent' (something like that) on a box at remote WAN sites.
Third on the list of 'update sites' is the HTTP/FTP sites.

I used to spend a lot of time at the McAfee FAQ site reading through the posts.
You will see a wide range of users there - from absolute rookies to some stone pros on all of this.
https://knowledge.mcafee.com/SupportSite/supportcentral/supportcentral.do?id=m1

When Dave checks back in, he can fill in some of the blanks. As I mentioned, I'm retired now and trying to do all of this from memory.

Vic
0
 
LVL 2

Assisted Solution

by:go2dave
go2dave earned 250 total points
Comment Utility
lazik,
Sorry, I have been extremely busy this week and unable to check mail til now
(one of the downsides of  being an independent consultant is the unpredictable work flow)

I agree with Vic completely on all points.
I would make sure each workstation has the agent installed and proceed from there.
Make sure to use the agent from your EPO server using the send agent install from the console.
If you are unable to push the agent you can install it on the workstation(s) using the command in my previous post.

The workstations need the agent installed to report in to the EPO server.
They use the default autoupdate configuration to get their own dats if they do not have the agent installed as they are unaware of the Repository, EPO server, or Sitelist.xml.

You do want the EPO server to pull the updates and for the workstations to pull from it to save bandwidth, depending on the number of workstations they can use a considerable amount.
When you install the agent it has the EPO server information and credentials embedded in the installer. This is how the agents know where the EPO server is and what policies apply to them.

I also agree with the reporting as it is a great asset to help locate workstations not updating, client versions, infected workstations, as well as many other things.

I attended Mcafee's Total Intranet Defense Training 2 years ago in Orlando and it was really detailed and helpful. It covered Virusscan Enterprise 8.x and EPO server and all of the configuration and management aspects. I highly recommend it to anyone new to the products.  
Here is the link to the training https://mcafee.edu.netexam.com/CatalogItem.asp?ID=2786

I know this was long winded but let me know if I can be of further assistance,

Dave




0
 

Author Comment

by:lazik
Comment Utility
I'm not sure what to say... you two Experts just walked me through the config/operations and greatly increased my control/security and confidence of this network, Thank you very much.  Lazik
0
 
LVL 38

Expert Comment

by:younghv
Comment Utility
Lazik,
Thank you for the point split (but I think Dave did the heavy lifting).

There are a couple of guys around here (Dave and Si) who can really make ePO sit up and bark.
Come on back in here when you need more - and - check in at the McAfee site for the discussions.

Vic
0
 
LVL 2

Expert Comment

by:go2dave
Comment Utility
lazik,
Glad to hear we were able to assist and thanks for the points.
I regret that I had not participated on this site earlier.
I will check more often for EPO/VSCAN issues to see if I can help.
Please do come back if you need anything else.

P.S. Thanks for the vote of confidence Vic I really appreciate it.


Dave
0
 
LVL 38

Expert Comment

by:younghv
Comment Utility
@ Dave -
Check out this link on the 'Filter' process - that will help you sort through the thousands of posts here.
The new 'look' of the site had me flummoxed for a while until I figured the filter out.

http://www.experts-exchange.com/Community_Support/General/Q_22388928.html?sfQueryTermInfo=1+ee+filter+new

Vic
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

12 Steps to a more secure Internet experience (http://tekblog.teksquisite.com/) Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:    1. a written test    2. a road test    3. a vision test Le…
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now