cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Created local HTTP repository for AutoUpdate without ePO - Kachow!

Ok so this may get a bit lenghthy:

Goal was to get our clients that DO NOT have Internet access talking to a local server to get updates, and we didn't have ePO.  So I decided to try and "trick" the autoupdate to think it was talking to McAfee online by doing the following:

Wrote a batch file and used a scheduled task from a server that had Internet access to download everything off of McAfee's site daily using WGet and put into C:\McAfee:

-wget -b --no-host-directories -l 10 -r ftp://12.120.129.237/commonupdater

Note: This gave us the full folder structure that McAfee provides

c:\McAfee

c:\McAfee\products

c:\McAfee\products\commonupdater

c:\McAfee\products\commonupdater\current

etc..

Configured clients local DNS servers and created records for:

- ftp.nai.com and update.nai.com, both pointing to a local webserver we'll call "MUpdateServer"

Note: We did this because these are the default settings in each of the clients and since we dont have anything to change hundreds of clients, we decided to redirect the requests.

Configured IIS on MUpdateServer to have( you need FTP and HTTP for this to work ) :

-website with hostheader listening on port 80(update.nai.com) pointing a local directory: C:\McAfee, reachable via http://update.nai.com/products & http://update.nai.com/products/commonupdater

-enable directory browsing on IIS 7 (Server Manager -> Roles ->Right Click on Web Server (IIS) -> "Add Role Services"->Check "Directory Browsing"

-create a virtual directory named products pointing to c:\McAfee

Note: Test with a browser to make sure files are viewable: http://update.nai.com/products & http://update.nai.com/products/commonupdater

-ftp site with hostheader (ftp.nai.com) pointing to local directory: c:\McAfee\commonupdater

Note: Test with a browser to make sure files are viewable: ftp://ftp.nai.com/CommonUpdater

So now every new client that is deployed looks for both ftp.nai.com and update.nai.com and downloads the updates locally.

I hope this saves some time and frustration for someone...

Deepak in the ATX

1 Reply

Re: Created local HTTP repository for AutoUpdate without ePO - Kachow!

Thanks Deepak. The info in your post helped me achieve a similar thing.

In my case the servers that needed updating were in a DMZ and only had port 80 open to the LAN. I was therefore very limited in what update services they could access.

So, much like your FTP instructions, I instead created a website on a server on the LAN, set up a scheduled job to FTP the NAI update area down to it and publish it. I used WinsCP to perform the synchronisation as WGET didn't do that very well.

I then created a new Autoupdate task in Viruscan console on each server to get its updates from this http server. All seems to work very well.

Andy.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community