cancel
Showing results for 
Search instead for 
Did you mean: 

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeFront Endpoint?

Hi sssyyy ,

Another quick question. In the Firewall rule, do I need allow rule enabled for both ForeFront Endpoint console IP and DB IP to the Receiver.

For instance.
Forefront EndPoint console IP 10.0.0.2

ForeFront DB IP 10.20.2.3

Kind regards,

Highlighted
Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 12 of 14

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeFront Endpoint?

So the firewall rule will be:

source ip [ERC ip] to DB [10.20.2.3] over TCP port 1433 [if 1433 is your DB port].

In my configuration, ESM only needs to pull data from the DB not console.

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeFront Endpoint?

Thanks this really helps to clearify the firewall rule now.

I am still working on the McAfee support to fix this, will update you once it is done.

Kind regards,

Tenzin Oshoe

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeF

Mcafee.JPG

Hi, we are trying to set up this connection. Although in the GUI it says connection is successful but there is no traffic in TCP dump. We are using SCCM 1806, which doesnt have the SQL view name mentioned in the data source config guide. SCCM DB view name is v_AM_NormalizedDetectionHistory. Please suggest if this is causing the issue. 

 

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center