I'm not really sure, perhaps it's used to manage the public key used between ePO server and McAfee Agents...?

I know this is an old thread, but I'm curious to know what this is as well.

Anyone?

The below is in ePO's product guide, may be able to help you guys.


Agent-server secure communication (ASSC) keys
• The first time the agent communicates with the server, it sends its public key to the server.
• From then on, the server uses the agent public key to verify messages signed with the
agent's secret key.
• The server uses its own secret key to sign its message to the agent.
• The agent uses the server's public key to verify the agent's message.
• You can have multiple secure communication key pairs, but only one can be designated as
the master key.
• When the client agent key updater task runs (ePO Agent Key Updater 3.5.5), agents
using different public keys receive the current public key.
• If you are upgrading from ePolicy Orchestrator 3.6 or earlier, a legacy key is retained. If
you are upgrading from ePolicy Orchestrator 3.6.1, the legacy key is the master key by
default. If you are upgrading from ePolicy Orchestrator 4.0, the master key is unchanged.
Whether or not you upgrade from version 3.6.1 or 4.0, the existing keys are migrated to
your ePO 4.5 server.

So... does this mean there's no need to enable this update task if we're running ePO 4.5, upgraded from 4.0. As I understand the guide's extract, ePO 4.5 migrates the server key thus there should be no need for this update task, right?

I'm going to go with "if it ain't broken, don't touch it" approach, but would still like to understand as many of the features as possible.

Thanks.

Ideally, you would want to keep the Key Updater enabled. This will run if there is a change in the keys (e.g you promote a new master key). If you disable this component, the agents will not be able to stay up-to-date with the latest keys.