I'm seeking the opinion of other McAfee System Administrators on allowing remote access to the Agent Activity Log from computers other than the ePO on port 8081. Were their any security concerns that influenced your decision to publish or not publish the agent log? On one hand, it is convenient to be able to open a web browser and check the status of an agent. On the other hand, some of the information I was able to pull from the Agent Log and NaPrdMgr logs includes: Scheduled Tasks, MA and VSE version, DAT & Engine version, installation path on the client, IP address of the ePO & on what port it's listening, O/S type, number of CPUs, CPU speed, number of hard drives, physical memory, Time Zone, domain name, etc. There are also sections of the PrdMgr log that look like they may indicate what features of VirusScan are enabled--such as the lines containing "ProdMgr SetPropertyA VIRUSCAN8700". This could be very valuable reconnaissance information about one's environment for a bad guy. What are your thoughts? Thanks!
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.