I did an upgrade of my TIE VMs to 2.1.323 and DXL Brokers to 18.104.22.1685
the Agent is still Version 22.214.171.1242
However I can not find the MLOS Agent in the Software Manager on ePO and also not in the download section of mcafee.com
Have I to do an Upgrade of the Agent or is the Agent included in the TIE/DXL Update.
What is the newest Agent for TIE/DXL
You probably figured it out since this was posted a while ago, but still will provide you part of the answer.
McAfee Agent for MLOS 5.0.4 is only available at McAfee Downloads in the TIE server section. See KB85586 for instructions to deploy the agent to the TIE server appliance. Do not install the McAfee Agent for Linux because it is not compatible.
From what's being currently offered the Agent is at 5.0.6 right now. To get to it, you have to go through the download page, then on McAfee Threat Intelligence Exchange 2.1, under packages you should see the McAfee Agent for MLOS.
Now let me know if you find official documentation for doing the same thing on the DXL appliances and what Agent version is officially supported on those is also not easy to obtain.
I don't get why the McAfee Agent for MLOS isn't available under the McAfee Agent download section, since it could possibly be used on DXL and TIE and probably MAR also and ATD...
same problem here. I cannot find the McAfee Agent for MLOS Package to update my TIE Server.
I went to Download Page using my ePO Grant Number -> My Products, but there ist no "Threat Intelligence Exchange" Section. Seems they have moved it again <insert screams of despair here/>
Please McAfee, do not make this more complicated to your customers than necessary. Is it really that difficult to get things sorted correctly ? I mean as it is a McAfee Agent, everyone will try to find it in the "McAfee Agent" section.
From a logical point of view it also does not make sense to exclude this package from software catalogue, does it ?
So far, so good.
But when i tick "McAfee Threat Intelligence Exchange", the following screen shows no McAfee Agent for MLOS:
Thanks for tryin to help, but thats not it
Same Pitfall again in 2019. Just the realy short remark in the TIE Release NOTES about the agent. How about putting a remark THERE that you CAN only find the AGENT under the TIE NAI licence and you can't search it in Software Manager. After NOT Updating the MLOS Agent for over 6 months is simply trapped into that pitfall again. We had it in documentation with screenshots on our side (200 pages).
Simply the same comment from me. How can you make life complicated of customers?
McAfee Agent for MLOS package is typically available in the TIE packages section. We will take this feedback and make necessary correction in the further releases and documentation.
It is also unclear regarding DXL Broker UPDATE. There is a Special note about the DXL broker, which comes with the TIE OV template for VMWARE. However, we tried to update the DXL Broker on TIE in between an EPO 5.9.1 SHA1 to SHA2 migration, which failed. There are several lager (5 Pages) KB entry’s describing the procedure for the replacement of the SHA1/2 on TIE Server and ATD-Sandbox. We do Postgre export and file (What is possible without locks) export and snapshots before we touch the TIE so we went back without trouble.
We only started the SHA1 to SHA2 migration that fast and without reading all from A-Z after Symantec had Problems with certain products and the MS Patchday Updates.
In General, we often see discussion about DXL or even the Agent itself. What works with what?
Framework 5.X helps us by checking compatibility but we have the TIE and ATD which don't?
There is still no Whitepaper that tells us what version from DXL Agent works backwards with what DXL Broker AND if you have to update the DXL parts. Gladly it was included in the McAfee Framework package itself so customer do not have to worry about Windows Client side too much.
Where is the info WHICH DXL on TIE and ATD is compatible to the DXL version provided with the Framework 126.96.36.1998 as example? Do we have to update the other side? Is it slower or unsafe if we do not? Etc. etc.