cancel
Showing results for 
Search instead for 
Did you mean: 
pcmcis
Level 7
Report Inappropriate Content
Message 1 of 13

McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

Hi,

I'm unable to view remote Agent log (Show Agent Log) on machines with Agent 5.6.0.878 installed.

Agents 5.6.0.702 and 5.0.5.658 are ok with the same EPO policy.

EPO 5.9.1

Anyone else having the same problem?

BR

Pcmcis

 

 

 

 

 

 

1 Solution

Accepted Solutions
Reliable Contributor twenden
Reliable Contributor
Report Inappropriate Content
Message 2 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

They have changed the way that you can see the remote logs.

 

You need to go to the system in the system tree. Once there, you click on "Actions". You will see a new entry called "Single System Tree Troubleshooting" . this is where you go to view the logs and download the info.

remote1.png

12 Replies
Reliable Contributor twenden
Reliable Contributor
Report Inappropriate Content
Message 2 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

They have changed the way that you can see the remote logs.

 

You need to go to the system in the system tree. Once there, you click on "Actions". You will see a new entry called "Single System Tree Troubleshooting" . this is where you go to view the logs and download the info.

remote1.png

pcmcis
Level 7
Report Inappropriate Content
Message 3 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

Thank you for your reply.

Yes, it works inside the "Single System Tree Troubleshooting" as you said.

BR,

Pcmcis

 

 

Highlighted
Heiko1
Level 8
Report Inappropriate Content
Message 4 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

Sorry, but this is not really a solution for me.
In the past, you can open the log in a second window and it was possible to reload the log by hitting F5. Now ePolicy is blocked when you are viewing the log. Pressing F5 is also not working. From my side, this change of working with the Agent log is not helpful and useful.

Is there an other way to show the Agent log in a 2nd browser window/tab and reload function (F5)?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

Single system troubleshooting is only applicable to agents 5.6.0 HF1264214 and above.  For all other versions, the show agent log should still work.

This feature was added to enhance troubleshooting capabilities and security.  Many epo admins don't have access to agent logs to gather them - this was designed to aid in collection of data for troubleshooting systems that there is otherwise no access to.  Often the show agent log feature didn't work if the setting in agent policy was set to accept connections only from epo server, or remote access to logs was disabled. This feature still allows collection of those logs by an epo admin even with remote access to logs disabled. It also increases security so that access to agent logs is restricted to only those in epo that have permissions to do so and/or is a global admin.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

Here is a little more clarification on the security reason behind this change.

This is from the release notes for the hotfix that changes this behavior.

1265828    Fixed  an information disclosure vulnerability. For  more information, see SB10271. McAfee Agent now addresses this issue by disabling the Remote logging feature and introducing a new feature –Single System troubleshooting.   For More information on this feature, see KB91283(Windows, Linux and macOS)

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/28000/PD28162/en_US/...

The way the data is collected is via a client task that collects the logs and status monitor output in json and sends them to ePO over the data channel. So you do loose the ability to hit f5 to see new log lines. The whole point of this is that the MA doesnt publish its logs over HTTP anymore to remediate this vulnerability.

So your choices are this.  Downgrade the agent and lower your security, or use the link again for single system troubleshooting to refresh the logs.  You can drag that link on the bottom of your page for quick access.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Heiko1
Level 8
Report Inappropriate Content
Message 7 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

Many thanks for your feedback.

But as I said, the new feature is not a solution for me. It blocks the support in case of problems. Why is there a setting in ePolicy Agent Setting to open or close the access to the Agent log? I know, history and to support the old agents ;-), Why is it not possible anymore, to give the adminis the possibility to decide to open/close the access of the "Agent log"?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

Simply put, for the sake of security.  We are in the business of security and when a vulnerability is found it is our responsibility to protect our customers by fixing said vulnerability.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Heiko1
Level 8
Report Inappropriate Content
Message 9 of 13

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

I understand but the solution is not helpfull/usefull for me.

That's all for me because we can't change it.

 

Re: McAfee Agent 5.6.0.878 Show Agent log not working

Jump to solution

-COMMENT REMOVED BY POSTER  BASED ON McAfee FEEDBACK - 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator