  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3233

McAfee ePO agent stops updating DATS

Antivirus 8.7i, ePO agent 4.5
Servers and PCs running Windows 2000, 2003 SP2 & R2 and XP Pro SP2 will communicate fine for 1 to 2 weeks and then stop updating the DATS. The list of random non-compliant devices changes.
Once a machine is on the list, it stays until manually updated. McAfee responds with "restart" but some cannot be restarted without down notification and irritated customers.

It's not a duplicate GUID problem as they are appearing in the ePO console. Occasionally, it is a low disk space issue but usually not. I see posts on McAfee forums suggesting that one toggle the Framework service or restart McShield. All recommendations are manual, which is difficult in our 5000 PC and 500 server environment.

Has anyone found a more convenient process for regaining client to server communication other than a restart?
Asked:
bstillion
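
The manual fix mentioned in the question (toggling the Framework service), scripted across a list of hosts. This is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 on an admin workstation, administrative rights on the targets, the service name `McAfeeFramework`, and placeholder hostnames.

```powershell
# Added example, not from the thread: restart the agent service on hosts taken from the
# non-compliant report. Assumes Windows PowerShell 5.1 (Get-Service -ComputerName was
# removed in PowerShell 6+) and admin rights on the targets.
param(
    [string[]]$Computers    = @('SRV-EXAMPLE-01', 'PC-EXAMPLE-02'),  # constructed placeholder names
    [string[]]$ServiceNames = @('McAfeeFramework'),                  # assumed service name of the Framework service
    [int]$TimeoutSeconds    = 60
)

function Restart-RemoteService {
    param([string]$Computer, [string]$Name, [int]$TimeoutSeconds)
    $result = [pscustomobject]@{ Computer = $Computer; Service = $Name; Status = 'Unknown'; Detail = '' }
    try {
        $svc  = Get-Service -ComputerName $Computer -Name $Name -ErrorAction Stop
        $wait = New-TimeSpan -Seconds $TimeoutSeconds
        if ($svc.Status -ne 'Stopped') {
            $svc.Stop()
            $svc.WaitForStatus('Stopped', $wait)   # throws TimeoutException if the service hangs
        }
        $svc.Start()
        $svc.WaitForStatus('Running', $wait)
        $result.Status = 'Restarted'
    } catch {
        # Covers unknown service, access denied, a stop refused by the product, and timeouts.
        $result.Status = 'Failed'
        $result.Detail = $_.Exception.Message
    }
    $result
}

$results = foreach ($computer in $Computers) {
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        [pscustomobject]@{ Computer = $computer; Service = ''; Status = 'Unreachable'; Detail = '' }
        continue
    }
    foreach ($name in $ServiceNames) {
        Restart-RemoteService -Computer $computer -Name $name -TimeoutSeconds $TimeoutSeconds
    }
}

# Keep a per-host record so persistent failures can be followed up by hand.
$results | Export-Csv -NoTypeInformation -Path '.\agent-restart-results.csv'
$results | Group-Object Status | Select-Object Name, Count
```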
2 Solutions
 
AimToPlease Commented:
I am wondering, what does the Agent Log say about your update problem? Did you schedule a Product Update task and does it run at the correct time or at all? Are you using distributed repositories or superagent repositories? Maybe even agent handlers. Something may be wrong with the following, so please check:

Repository Pull Tasks (and DAT versions in the Master Repository, as well as distributed repositories)
Client "Product Update" tasks, their schedule etc.
Check the Agent Log on some systems to see if the correctly configured product update task runs at all and what error (if any) is returned

By the way, it might be a good idea to check "Disable the Default Auto-Update Task" from the VirusScan Enterprise User Interface Policies, although this is not going to resolve the problem. :)
 
bstillion (Author) Commented:
I will look at these areas when a server appears on the non-compliant report tomorrow morning.

 
abausone Commented:
Is this still an issue? Have you looked at the server.log on the ePO server? Possibly getting invalid response or other errors? Probably need to re-install the agent.
 
bstillion (Author) Commented:
This is still an issue/mystery.
I still have to check the items suggested by "AimToPlease" above but
am wondering if many of those apply since scheduled tasks work fine
on the device for a period and then stop working randomly.

I will go through each item and confirm that it is working as suggested
and in the process may discover new facts.

I did a search for server.log on the ePO server but found nothing.

 
AimToPlease Commented:
It can be found in c:\program files\McAfee\ePolicy Orchestrator\DB\Logs folder. :)
 
abausone Commented:
The agent and server logs should point you in the right direction. I still get a rather large number of invalid response errors from workstations -- some are transient errors and others are persistent. For the persistent ones I re-install the agent. Try sending a wake-up call to one with a 2 minute delay, then delete it from ePO. See if it connects and updates -- then try subsequent wake-ups and see if they allow it to connect ok. Check the logs, etc.

Have any of the clients previously reported to a different ePO server? You can still have a guid issue that does not show up in the duplicate guid report because that only goes off sequence errors. You can still have other guid related issues. The guid is generated from the IP address, MAC address, and the ePO server key (or cert maybe?). So based on that, you can have a server reject a guid as being out of range if it previously reported to a different ePO server and the guid wasn't properly overwritten. However, this doesn't sound like your issue -- just an example of a non sequence error guid issue.