cancel
Showing results for 
Search instead for 
Did you mean: 
hiteshp
Level 8
Report Inappropriate Content
Message 1 of 10

McAfee Agents and Distrubited Repositories

Jump to solution

Hello all,

I am fairly new to McAfee (even though I have attended the Install and Config course a few weeks ago).

Trying to setup a Repository in our DR site as a test bed to see the function of the process as I will be using the UK ePO server as the parent for our overseas offices.

Created the Repository which is going to be one of the DR servers as a HTTP type with a shared area on the server to access the various products.  I have also created a new Agent Repository Policy which I have assigned to a group which only contains the DR servers.  Within the policy, I've set the Repository List Selection to use this list and the Repository list is set to use the DR Repository first, then the ePO server and then the web.  Forced the server agents in DR to wake up and apply the new policy.

My question is, how can I tell if the servers in DR are using the DR Repository server and not the ePO server?

Any help\guidance would be greatly appreciated.

Regards

Hitesh

ePO Server 4.6.6 (Build 176)

McAfee Agent 4.8.0.887

VirusScan 8.8.0.975

Message was edited by: hiteshp on 03/12/13 06:08:58 CST
1 Solution

Accepted Solutions
QHAFIZ
Level 9
Report Inappropriate Content
Message 10 of 10

Re: McAfee Agents and Distrubited Repositories

Jump to solution

"My question is, how can I tell if the servers in DR are using the DR Repository server and not the ePO server?"

Answer:

- If the policy is propagated correctly to the Agent (in this case your DR Servers), you may refer to SiteList.xml (default path below) and check for Order="1".  Whatever repository having Order="1" should be the repository being contacted by the Agent. In case the Order="1" repository is not reachable, Agent will try Order="2" and so on. In case the Order="1" repository is not up-to-date (DAT etc), the Agent will again try with Order="2" and so on.

Additionally, when you open up the "Update Security" (M icon right click), it should show you the name of the repository Agent is trying to connect to.

SiteList.xml path:

XP, 2003- Documents and Settings\All Users\Application Data\McAfee\Common Framework

Win Vista/7/8/2008- C:\ProgramData\McAfee\Common Framework

SiteList.xml example:

<TypeOfSite (Http, FTP, SuperAgent etc) Type="repository" Name="NameOfTheRepository" Order="1" Enabled="1" Local="0" Server="FQDNOfRepository:Port" ServerName="NetBIOSOfRepositoryServerPort" ServerIP="IPAddressOfRepositoryComputer:Port">

<RelativePath>Software</RelativePath>

<UseAuth>0</UseAuth>

<UserName />

Fyi- In case you want to restrict the Agent to pull the update (DAT, Engine, Spamfilters, Product package etc) from any specific repository (and do not want the Agent to go on order basis by Ping Time or Subnet Distance), then select the 'Use Order in Repository List'. This will restrict the Agent to as you arrange the order (as shown in attached file).

Hope this helps.

Message was edited by: QHAFIZ on 12/4/13 8:35:18 PM CST

View solution in original post

9 Replies
Highlighted
Tristan
Level 15
Report Inappropriate Content
Message 2 of 10

Re: McAfee Agents and Distrubited Repositories

Jump to solution

You could try this dashboard created by djjava9

https://community.mcafee.com/docs/DOC-2996

Basically it uses queries against events generated by your clients to build graphs and reports. You can then drill down and view the detailed inforamtion as well.

hiteshp
Level 8
Report Inappropriate Content
Message 3 of 10

Re: McAfee Agents and Distrubited Repositories

Jump to solution

Hi Tristan,

Thanks for that.  Imported the Dashboard and it worked great.

Only downside is that the other repository I created is not showing.  Which must mean I have missed something.

Any thoughts?

Regards

Hitesh

Tristan
Level 15
Report Inappropriate Content
Message 4 of 10

Re: McAfee Agents and Distrubited Repositories

Jump to solution

The dashboard data is built from events generated by clients therefore if the repository is not shown then possibly no events have been generated.

Have you gone through the event logs and check to see which repository is used when one of these remote clients updates.

Another thing to check is in the VirusScan Console itself. 'Tools' -> 'Edit AutoUpdate Repository List' if you remote repository (local to the client) is at the top of the list then you know your client has downloaded the correct policy.

hiteshp
Level 8
Report Inappropriate Content
Message 5 of 10

Re: McAfee Agents and Distrubited Repositories

Jump to solution

Hi Tristan,

So it looks like my polcies are being applied and the servers in DR are showing that the DR Repository is definatly the first in line to be used.

But looking at the logs, I'm getting an error saying naInet Unable to connect to (DR Repository) on port 80.  Looks like the servers are having trouble connecting to the repository using HTTP.  Found a discussion on this site saying that the moved to FTP instead and that worked.

I'm going to give that a go.

If you can think of anything else I could try that would be great, but otherwise thank you soo much for your help 🙂

Regards

Hitesh

Re: McAfee Agents and Distrubited Repositories

Jump to solution

https://community.mcafee.com/people/petersimmons/blog/2012/08/29/repository-science

Here's a slightly different one that breaks down the usage by repository and by type (install, update,content). And it is a sliding show of hte last 72 hours... because you don't care about the historical just the current.

Re: McAfee Agents and Distrubited Repositories

Jump to solution

You most likely have better results with SuperAgent DR's.  No additional services required like IIS or FTP; it's just an agent policy.

hiteshp
Level 8
Report Inappropriate Content
Message 8 of 10

Re: McAfee Agents and Distrubited Repositories

Jump to solution

I've noticed that when you go to setup the McAfee Agent General policy, the repository option is to convert all agents to super agents.

Is there a way of controlling that?  There are some servers that will not have enough space on the C: drive to host all the products that will be replicated.

Regards

Hitesh

Re: McAfee Agents and Distrubited Repositories

Jump to solution

You do not want to make all of your endpoint DR's , just the 1-2 or however many you need to manage the load in your environment.  Too many DR's is worse than too few.

I recommend reading to ePO Best Practice guide for Your version.  It includes a section on DR's the types and a minor guide on sizing. 

SuperAgents are the most flexible and most easy to manage. 

QHAFIZ
Level 9
Report Inappropriate Content
Message 10 of 10

Re: McAfee Agents and Distrubited Repositories

Jump to solution

"My question is, how can I tell if the servers in DR are using the DR Repository server and not the ePO server?"

Answer:

- If the policy is propagated correctly to the Agent (in this case your DR Servers), you may refer to SiteList.xml (default path below) and check for Order="1".  Whatever repository having Order="1" should be the repository being contacted by the Agent. In case the Order="1" repository is not reachable, Agent will try Order="2" and so on. In case the Order="1" repository is not up-to-date (DAT etc), the Agent will again try with Order="2" and so on.

Additionally, when you open up the "Update Security" (M icon right click), it should show you the name of the repository Agent is trying to connect to.

SiteList.xml path:

XP, 2003- Documents and Settings\All Users\Application Data\McAfee\Common Framework

Win Vista/7/8/2008- C:\ProgramData\McAfee\Common Framework

SiteList.xml example:

<TypeOfSite (Http, FTP, SuperAgent etc) Type="repository" Name="NameOfTheRepository" Order="1" Enabled="1" Local="0" Server="FQDNOfRepository:Port" ServerName="NetBIOSOfRepositoryServerPort" ServerIP="IPAddressOfRepositoryComputer:Port">

<RelativePath>Software</RelativePath>

<UseAuth>0</UseAuth>

<UserName />

Fyi- In case you want to restrict the Agent to pull the update (DAT, Engine, Spamfilters, Product package etc) from any specific repository (and do not want the Agent to go on order basis by Ping Time or Subnet Distance), then select the 'Use Order in Repository List'. This will restrict the Agent to as you arrange the order (as shown in attached file).

Hope this helps.

Message was edited by: QHAFIZ on 12/4/13 8:35:18 PM CST

View solution in original post

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community