I do not see the message bus extension on the download site, is this a production extension, or or only available to beta testers. Mwg shows in epo as a registered server. I see previous comments relating to mobile epo.. ... I am not using the mobile version of epo. thanks
the exactly name is Mobile EPO extension and can be found at https://contentsecurity.mcafee.com
I am trying to do the same thing. I have installed the MePO Extension in ePO, changed the McAfee Agent policy, created the DXL connection in Web Gateway... but I don't see MWG in the System Tree and requests handled by MWG end up resulting in an error: 35000 DXL is not available. I think I have the DXL connection wrong but I'll fiddle around with it some more and post the solution when I get it to work.
activate the DXL Tracing in your MWG Gui under Configuration -> Troubleshooting. Afterwards take a look if there is a useful information.
If there was any problem with the "DXL registration", perhaps with the certificate download, you have to reset this on MWG. This must be done with the command line at the moment.
-Stop MWG services: service mwg stop
-Delete the contents inside the folder: /opt/mwg/data/dxl -> do NOT delete any subfolder or content within any subfolder.
-Start MWG services: service mwg start
It takes some time until MWG is visible in the EPO Systemtree.
Hope this helps,
Thank you, that's very useful information. As it turns out, when I booted up my VM's to test a little more today, the DXL on MWG seems to be working fine. I can also see that it registered in ePO only today.
I did enable the tracing for DXL to see what I can expect and it's looking good. I got a trace for winscp575setup.exe and it looks like it's doing what it's supposed to do.
I wasn't getting much reputation information but as it turns out, I need to install the MEP extension (according to the second post in this thread), which turns out to be the MWG extension. I think that did the trick and I'm getting reputation information on MWG now.
Now it's my turn to have fun with MWG to DXL communications.
Is this applicable "Enable msgbus authentication using test certificates" in the Mcafee Agent policy. I don't recall running into this in the PG or McAfee knowledgebase. Yet I don't have MWG showing up in the System Tree nor does the /opt/mwg/dxl/data/MWG_dxl.conf file have the DXL brokers listed.
I have deleted the files there and restarted the mwg-core service, and have select rejoin in the MWG 7.6.2 configuration Menu - ePO.
tested again with the latest MWG version (188.8.131.5227) and the latest TIE version. There are still Files generated in TIE without filename.
Is there a new TIE integration ruleset or Whitepaper available?
has anyone an idea for my problem?? MWG is able to communicate with TIE. I can block file downloads based on TIE reputation.
But, there is no MWG reputation information available in TIE.
Your criteria send "MWG reputation" and the hash of all files that are non executable archives to TIE.
Isn't it too much? Shouldn't the criteria be with a AND and not OR? So we only send executables that are not archives.
I tried this rule as is to check and it did really slow the surf.
@Troja: I have opened a case for the same issue (TIE 1.3 and MWG 184.108.40.206). I'll update this thread.