cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Internal Clients went for updates from Mcafee site instead of internal ePo

we found some internal clients are getting updates from outside that is McAfee public source, instead of ePO .

We found this in firewall alot of traffic going to specefic subnet when we resolved that it was Mcafee site(nai.update.com)

 

But we need to find why this was happed we checked all the Agent policies and Server Task status but nothing found in this time frame to relate.

Then we collected MER logs next day by ePO server and some of the Clinets logs but, Technical support person told us to Logs you provided are later date. so we can't find any insight for this incident that happened, i Asked Technical Support person you told me collect the logs even from ePO and Agent , he has to aware how many days Agent logs would be exists, 

 

for how many days Agent logs will be  extracted ?

Do we have any way,  we can find any reason from ePO Server logs?

is thier any way we can find why ePo was failed to give updates, clients are tried or not this details from ePO logs?

1 Reply
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Internal Clients went for updates from Mcafee site instead of internal ePo

In the agent policy you can set the log sizes a little larger and rollover count to 5 or more to capture a larger time frame.  By default there is only one backup log, so they can roll over easy.  The mcscript log on the clients will be the most revealing for why it could not use a specific repository.  I would suggest monitoring repository usage by the default repository query in epo and if you see a spike in using the McAfee site, gather a mer from an affected client right away and from the epo server.  Most likely the server logs have rolled over too.  In the server log, if epo was having issues with giving up repository content, you would see those errors fairly clearly. 

If you are using distributed repositories and replicating to them, make sure your scheduling follows this pattern so that the repositories will always be up to date sites.

Pull from McAfee site

Replicate to repositories after pull

Clients update after replication and before the next pull.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community