cancel
Showing results for 
Search instead for 
Did you mean: 
Dvanmeter
Level 9

Encryption over Agent handler

I thought I was told before that you should be able to manage encryption on systems through an agent handler with the latest version of EPO and Agents.  I have an agent handler in our DMZ that manages laptops when they leave our company.  The agent handler works fine, all products, reporting and policy updates while laptops are away with no problem.  I took an Encrypted MAC with the latest 4.6 agent and encryption 1.0 and put it on a dsl line.  I put it into a group that would decrpyt and remove encryption.  The Mac began unencrypting the system.  When it was done the Mac encryption software was removed but it had problems removing the agent.  No matter how many times it checked in, I changed the policy, etc the agent would not remove.  I went ahead and removed the Encryption Agent manualy.

Now I wanted to encrypt the machine remotely.  I put it into a group that would install the encryption agent and software.  The agent and spftware installed ok, but no encryption began. I removed the two product and manually installed them and told it to check in.  It did check in as it pulled down 3 hotfixes, but encryption would never begin. I did multiple checkins through cmdagent, agent wakeup calls from the epo server, and waited 4 hours.  Harware was compliant, user was assigned, but nothing.  no error messages in logs to help me to go on.   I then plugged an ethernet cable from our company into the system and told it to check in and it began encryption as expected

So my question is  encryption through a remote agent suppose to work and is supported?  I have not tested this on the Windows Version yet.  any ideas or comments are appreciated.

0 Kudos
1 Reply
Timmah
Level 11

Re: Encryption over Agent handler

Hi there!

There is a known issue with upstream datachannel messages and remote AgentHandlers. EEPC/EEMac require upstream data channels during activation. In the logs, I would expect to see entries for sending machine and recovery keys, and then... well... nothing.

Note the mention of EEPC in the following KB article: https://kc.mcafee.com/corporate/index?page=content&id=KB59218

Have you configured your AgentHandler in the DMZ as per the KB article?

Hope this helps,

Tim

0 Kudos