Nessus Plugins 51192 and 45411 alerting on ePO Agent Handlers

We are getting Nessus Alerts for the 2 Plugins listed in the Summary. Our Client will not accept KB82163 as a solution to suppress the scans. What are some of the alternatives to fixing this issue without affecting the operational performance of ePO? Can you change the Common Name and Subject Alt name of the self-signed cert? We have 3 AH with one being the main 5.10 console and the other 2 sitting in the AWS cloud. Trying to find a way to show a modified snapshot of our Nessus scan results for each Plugin to help visualize the finding.
3 Replies
McAfee Employee
Message 2 of 4

Re: Nessus Plugins 51192 and 45411 alerting on ePO Agent Handlers

Please open a ticket with McAfee for any vulnerability questions like that and they almost always have to go to development.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Nessus Plugins 51192 and 45411 alerting on ePO Agent Handlers

Did anyone open a McAfee ticket and get a response to this issue?  We are encountering the same thing.  Client was going to accept a variance based on KB82163 but now wants to find a solution.  Can these certs be loaded to the Nessus scanner to avoid them from flagging during scans?

McAfee Employee
Message 4 of 4

Re: Nessus Plugins 51192 and 45411 alerting on ePO Agent Handlers

I don't know if you can upload them to Nessus or not, we are not familiar with its functionality. The KB given is development's official statement regarding those flags. The only certificate that can be changed in ePO is the browser cert, which is not involved with ports 8444 or 443. KB72477 tells how to create a custom browser cert that includes the subjectalt field, but it is not yet available with the default Orion CA cert. Regarding their statement:

The ePO engineering team has researched the findings and concluded that ePO is not vulnerable to the reported findings. Research found that because ports 8444 and 443 are not meant for browsing using a browser.
They are accessed from the McAfee Agent, Agent Handler, or other ePO internal service. The certificate trust is built on OrionCA which is generated per ePO install.

Regarding all warnings, the exception noted for QID 38173 applies:

The ePO server and Agent Handler components communicate only with a restricted set of clients who have the trusted certificate chain. The CA certificate is not available publicly and can't be verified remotely.

In addition, to prevent future concern on the part of Qualys customers, McAfee has filed an enhancement request to address QID 38170. The request is to set the subjectAltName value as advised by the QID.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
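
The two conditions this thread turns on, chain trust against a per-install private CA and the CN/subjectAltName match, reproduced with openssl on a constructed CA and leaf certificate. This is an added example, not part of the original posts or McAfee's guidance; the CA, the host names and the helper functions are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed demo, not ePO's certificates: a private CA standing in for a
# per-install CA, and a leaf named only "epo-internal" (hypothetical names).

make_demo_pki() {  # $1 = scratch directory
  local d="$1"
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
    'prompt = no' '[dn]' 'CN = Demo Private CA' '[v3_ca]' \
    'basicConstraints = critical,CA:TRUE' > "$d/pki.cnf"
  printf 'subjectAltName = DNS:epo-internal\n' > "$d/leaf.ext"
  # Self-signed private CA.
  openssl req -x509 -config "$d/pki.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Leaf key and CSR, then sign the CSR with the private CA.
  openssl req -new -config "$d/pki.cnf" -subj '/CN=epo-internal' \
    -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# Trust check: does the chain build to a CA the verifier holds?
chain_trusted() {  # $1 = leaf cert, $2 = optional extra CA file
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1   # default trust store only
  fi
}

# Name check: does the CN/SAN cover the name the verifier connected to?
name_matches() {  # $1 = leaf cert, $2 = hostname used for the connection
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

report() {  # prints one line per check for the constructed PKI
  local d; d=$(mktemp -d); make_demo_pki "$d"
  chain_trusted "$d/leaf.pem" && echo "default store: trusted" || echo "default store: untrusted"
  chain_trusted "$d/leaf.pem" "$d/ca.pem" && echo "with private CA: trusted" || echo "with private CA: untrusted"
  name_matches "$d/leaf.pem" epo-internal && echo "epo-internal: match" || echo "epo-internal: mismatch"
  name_matches "$d/leaf.pem" ah1.example.com && echo "ah1.example.com: match" || echo "ah1.example.com: mismatch"
  rm -rf "$d"
}
report
```

Giving the verifier the private CA changes only the trust result; the name result depends on the certificate's CN and subjectAltName.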
