Hm,
are you using a McAfee Agent Extension with version 5?
Cheers
Hi Troja,
Yes i'm using MA Extension version 5 and MePO 1.1.4.106 version.
Thanks,
Smalldog
Hmmm,
what can cause the Problem?? hmmmm..... Let me summarise:
Is the MePO Extension visible under the EPO extensions?
Cheers
Dear Troja,
Yes it is visible under ePO Extension. My TIE Serve and extension that 1.0.1 version. So i will upgrade to 1.1 version to see that work or not?
Thanks,
Smalldog
Yes try this,
i think anything is right in your configuration. I cannot identify any wrong configuration.
Let´s see what happens with TIE 1.1 version.
Cheers
Dear Troja,
The problems gone with upgraded to version 1.1. I can make MWG connected to ePO, import rules but didn't knows it work or not? I had upload Artemis-high file to mediafire and set to known malicious on ePO but didn't block from MWG. How i can troubleshoot this prolems? Do you have any file on cloud so i can test with that file?
Thanks,
Smalldog
you can block any file regardless the McAfee Signature Information. If you set a file to "known malicious" MWG should block the donwload. Encrypted traffic or decoded transport options can make any Content invisible for MWG.
1) you can use the TIE samples from https://community.mcafee.com/docs/DOC-6470
2) Most file sharing platforms are using SSL encryption. Therefore SSL scan should be enabled.
3) If mwg queries the file this should be visible under TIE Reputations in EPO.
4) Take a look at the rule tracing central of the ruleset gets active
5) Check a TCPDump if there is a Connection to TIE Server or a DXL Broker.
I copied the Artemis-high file to our sharing platform. At the Moment i do not know if HTTP is allowed and working. Just try it.
https://secure.spp.at/s/CoHmDU
Cheers
Dear Troja,
Everything is working now. Appreciate your support!
Thanks so much!
Smalldog
I created the TIE rule on the MWG as described. I now see in the dashboard under DXL that all the DXL requests fail. I do have DXL setup under ePO in config. Anything else that i missed?
Hi,
have you installed the Message Bus Extension in EPO and have you activated the McAfee Agent settings?
Can you see your MWG in the EPO System tree?
Cheers
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA