We recently upgraded our servers from McAfee agent 220.127.116.118 to 18.104.22.1682. We found that on six of them (out of a few hundred), which are VMs (VMware) running W2K8 R2 Enterprise, the McAfee agent is running the ASCI communication continuously. When viewing the agent activity in the McAfee Agent Monitor, the information is filling up so fast that it is just scrolling non-stop. Much like what is described in McAfee KB85352, however the debug logs do not show a loopback address. Unfortunately, that KB says the solution is upgrading to 5.0.3... and that's the version we are running. We found that in EPO the IP address for these servers is showing an IPv6 address, and we could stop the continuous communication with the EPO server when we disabled IPv6 in the network connection settings. However, I have verified with our network engineer that we are not running IPv6 on our network.
Has anybody else seen the continuous ASCI communication with the 5.0.3 agent?
VMs running W2K8 R2 Enterprise
McAfee agent 5.0.3
Some servers were running Move 3.6.1, some VScan w/Patch 5
Windows updates are current
NIC configurations are all the same except for one
I have removed, and reinstalled the McAfee agent via EPO (5.3.1 Build 188)
Same issue. Working with MS cluster and multiple IP addresses.
The problem has started after agent upgrade from 4.8 to 5.0.2.
Upgrade to 5.0.3 didn't solve it.
The most terrible thing is that continuous ASCI communication causes endless growth of RAM consumption by masvc.exe.
Any chance you are running DXL?
We had similar issues in the past after upgrade/reinstall of the McAfee Agent on systems with DXL installed.
In our case DXL started to generate about 1 event per second, which was then sent to ePO through ASCI.
If this is the case, it should be resolved in the latest version:
| 1092761 | 2.0.0 | 2.0.1 | Issue: If you migrate a system with DXL installed from the current ePolicy Orchestrator server to a different ePolicy Orchestrator server and redeploy McAfee Agent from the new ePolicy Orchestrator server, DXL does not regenerate certificates. Consequently, DXL is unable to connect to the new DXL Broker. Workaround: Reinstall DXL to resolve this issue. Resolution: This issue is resolved in DXL 2.0.1. |