
ATD Mcafee notification to EPO


Hi Community

I had a notification task on EPO (automatic response) sending us an email alert when malicious files were identified on ATD. For some reason we don't see it running. We created the same based on the Threat Event Log events, matching for: 36725 and atd_detected_threat.

But we no longer see this being generated in the logs when new files are positive for malicious on ATD.

The settings on ATD are the same and the DXL setting is OK (up) and Publish Threat event publisher is also OK (up) and EPO integration is good as well.

Was there any change in the ATD software that might have caused this? Did anyone notice a similar situation?

Searching the Threat Event Log, we no longer find these notifications.


Accepted Solutions

Re: ATD Mcafee notification to EPO


Removing and loading the ATD extension resolved the problem.

The extension used is available under the software download section for ATD 4.2; the version of the extension was 3.10.0.1.

Problem solved!!

Thanks to the follow-up of the McAfee Support technician 😉

 

8 Replies
JoseRR
Level 9
Message 2 of 9

Re: ATD Mcafee notification to EPO


To start with, I would personally check that the ATD extension is checked in ePO, so event 36725 can be generated.

One thing is the Automatic Response not triggering, and another is that the events are not even in the Threat log?

I would check Server Settings | Event filtering, just to make sure 36725 is there.

 

Re: ATD Mcafee notification to EPO


Thank you for your reply

 

The 36725 is checked in server settings

The ATD extension is checked as well, but I don't see these events in the log ....

 

 

Reliable Contributor SWISS
Reliable Contributor
Message 4 of 9

Re: ATD Mcafee notification to EPO


Hi,

 

We currently have the same problem, with ATD-3000 and TIE Server in production. Without a SIEM solution in place we can't differ too much in the alerts like we would. The extension is installed on EPO too.

I think we already made a feature request for more info.

 

Greetings from Switzerland.

Re: ATD Mcafee notification to EPO


We currently have a case open for this and I will share the outcome of it. Please share with us the feature request URL or name; we will gladly vote for it!

Thank you for contributing to this thread.


JoseRR
Level 9
Message 7 of 9

Re: ATD Mcafee notification to EPO


Good to know there is a higher extension than 3.8. I didn't know it.

Well done

 


Re: ATD Mcafee notification to EPO


Extension 3.10 has existed since 2017 that I know of. For some reason ours stopped working without notice; it could be related to some EPO upgrade or patch we might have applied.

It is clear to me that McAfee software management is not the best in terms of organization; under the software catalog on EPO we only had 3.8 available as well 😞

I'm glad my sharing was of help; maybe it can help others as well.

Cheers

 

Reliable Contributor SWISS
Reliable Contributor
Message 9 of 9

If it would be a shareware for a few bucks I would return it.......


Which ACADEMIC-student who works for McAfee does manage that? Why does the Software Manager in EPO not show it? The only way you find out is you dig into log files under the Event handler \Debug\

Sorry guys, not for a box for USD 70'000.- market price. Answer the forum questions please. We don't care if it's done by the Indians, the Spanish or SOPHIA TIER I-II or you guys who manage the website/support site beside the rollercoaster in California in the BLACK BOX Building with the McAfee logo on it! INTEL is not the excuse anymore guys!

So MCAFEE does not care. Let the partner do an instruction for you guys:

* Logon on to the Portal

* Right corner Support / Down

* Enter NAI Number and your E-Mail from your mom

* Remove all "Show only latest version"

* Remove all "Show only latest Version" DOWN at the Special ATD BOX under all (Attention here too)


Remove old Extension from ATD on EPO

Install new Extension

 
