cancel
Showing results for 
Search instead for 
Did you mean: 

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeFront Endpoint?

Hi sssyyy ,

Another quick question. In the Firewall rule, do I need allow rule enabled for both ForeFront Endpoint console IP and DB IP to the Receiver.

For instance.
Forefront EndPoint console IP 10.0.0.2

ForeFront DB IP 10.20.2.3

Kind regards,

Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 12 of 15

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeFront Endpoint?

So the firewall rule will be:

source ip [ERC ip] to DB [10.20.2.3] over TCP port 1433 [if 1433 is your DB port].

In my configuration, ESM only needs to pull data from the DB not console.

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeFront Endpoint?

Thanks this really helps to clearify the firewall rule now.

I am still working on the McAfee support to fix this, will update you once it is done.

Kind regards,

Tenzin Oshoe

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeF

Mcafee.JPG

Hi, we are trying to set up this connection. Although in the GUI it says connection is successful but there is no traffic in TCP dump. We are using SCCM 1806, which doesnt have the SQL view name mentioned in the data source config guide. SCCM DB view name is v_AM_NormalizedDetectionHistory. Please suggest if this is causing the issue. 

 

Highlighted
Leath
Level 7
Report Inappropriate Content
Message 15 of 15

Re: How to add as data source in the ESM; System Center Endpoint Protection 2016 also known as ForeF

I am having this problem too. 

Any solution? 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator