Hi Troja,

Yes i'm using MA Extension version 5 and MePO 1.1.4.106 version.

Thanks,

Smalldog

Hmmm,

what can cause the Problem??  hmmmm..... Let me summarise:

• You are using EPO 5.x (my Environment: EPO 5.3)
• TIE, DXL and so on are working fine in your environment. So this all should be okay.  (my Environment: Extensions: Agent 5.0.1.148, McAfee DXL Broker Management 1.1.0.443, DXL Client 1.1.0.443, DXL Client Management 1.1.0.443, TIE Server 1.1.173, TIE Module for VSE 1.0.1.111)
• Extension for McAfee Agent Version 5.x is installed in our Environment.
• MePO Extension is installed and visible? (my Environment: Extension Version 1.1.4.106 visible under Extensions -> Server -> McAfee Mobile ePO)

Is the MePO Extension visible under the EPO extensions?

Cheers

Dear Troja,

Yes it is visible under ePO Extension. My TIE Serve and extension that 1.0.1 version. So i will upgrade to 1.1 version to see that work or not?

Thanks,

Smalldog

Yes try this,

i think anything is right in your configuration. I cannot identify any wrong configuration.

Let´s see what happens with TIE 1.1 version.

Cheers

Dear Troja,

The problems gone with upgraded to version 1.1. I can make MWG connected to ePO, import rules but didn't knows it work or not? I had upload Artemis-high file to mediafire and set to known malicious on ePO but didn't block from MWG. How i can troubleshoot this prolems? Do you have any file on cloud so i can test with that file?

Thanks,

Smalldog

Hi ,

you can block any file regardless the McAfee Signature Information. If you set a file to "known malicious" MWG should block the donwload. Encrypted traffic or decoded transport options can make any Content invisible for MWG.

1) you can use the TIE samples from https://community.mcafee.com/docs/DOC-6470

2) Most file sharing platforms are using SSL encryption. Therefore SSL scan should be enabled.

3) If mwg queries the file this should be visible under TIE Reputations in EPO.

4) Take a look at the rule tracing central of the ruleset gets active

5) Check a TCPDump if there is a Connection to TIE Server or a DXL Broker.

I copied the Artemis-high file to our sharing platform. At the Moment i do not know if HTTP is allowed and working. Just try it.

http://dl.spp.at/s/1cpmJq

https://secure.spp.at/s/CoHmDU

Cheers

Dear Troja,

Everything is working now. Appreciate your support!

Thanks so much!

Smalldog

Hi,

have you installed the Message Bus Extension in EPO and have you activated the McAfee Agent settings?

Can you see your MWG in the EPO System tree?

Cheers