McAfee ePO agent stops updating DATS

Posted on 2009-12-21
Last Modified: 2013-12-09
Antivirus 8.7i, ePO agent 4.5
Servers and PCs running Windows 2000, 2003 sp2 & R2 and Xp Pro sp2 will communicate fine for 1 to 2 weeks and then stop updating the DATS. The list of random non-compliant devices changes.
Once a machine is on the list, it stays until manually updated. McAfee responds with "restart" but some cannot be restarted without down notification-and irritated customers.

It's not a duplicate GUID problem as they are appearing in the ePO console. Occasionally, it is a low disk space issue but usually not. I see posts on McAfee forums suggesting that one toggle the Framework service or restart McShield. All recomendations are manual which is difficult in our 5000 PC and 500 server environment.

Has anyone found a more convenient process for regaining client to server communication other than a restart?
Question by:bstillion
    LVL 4

    Accepted Solution

    I am wondering, what does the Agent Log say about your update problem? Did you schedule a Product Update task and does it run on the correct time or at all? Are you using distributed repositories or superagent repositories? Maybe even agent handlers. Something may be wrong with the following, so please check:

    Repository Pull Tasks (and DAT versions in the Master Repository, as well as distributed repositories)
    Client "product Update" tasks, their schedule etc.
    Check the Agent Log on some systems to see if the correctly configured product update task runs at all and what error (if any) is returned

    By the way, it might be a good idea to check "Disable the Default Auto-Update Task" from the VirusScan Enterprise User Interface Policies, although this is not going to resolve the problem. :)

    Author Comment

    I look at these areas when a server appears on the non-compliant report tomorrow morning.

    LVL 4

    Expert Comment

    Is this still an issue?  Have you looked at the server.log on the ePO server?  Possibly getting invalid response or other errors?  Probably need to re-install the agent.

    Author Comment

    This is still an issue/mystery.
    I still have to check the items suggested by "AimToPlease" above but
    am wondering if many of those apply since scheduled tasks work fine
    on the device for a period and then stop working randomly.

    I will go through each item and confirm that it is working as suggested
    and in the process may discover new facts.

    I did a search for server.log on the ePO server but found nothing.

    LVL 4

    Expert Comment

    It can be found in c:\program files\McAfee\ePolicy Orchestrator\DB\Logs folder. :)
    LVL 4

    Assisted Solution

    The agent and server logs should point you in the right direction.  I still get a rather large number of invalid response errors from workstations -- some are transient errors and others are persistent. The persistent once I re-install the agent.  Try sending sending a wake-up call to one with a 2 minute delay, then delete it from ePO.   See if it connects and updates -- then try subsequent wake-ups and  see if they allow it to connect ok.  Check the logs, etc.

    Have any of the clients previously reported to a different ePO server?  You can still have a guid issue that does not show up in the duplicate guid report because that only goes off sequence errors.  You can still have other guid related issues.  The guid is generated from the IP address, MAC address, and the ePO server key (or cert maybe?).  So based on that, you can have a server reject a guid as being out of range if it previously reported to different ePO server and the guid wasn't properly overwritten.  However, this doesn't sound like your issue -- just an example of a non sequence error guid issue.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Change your it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
    PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now