Hi, We installed ePO 4 and the latest patch but we donn't see MyAvert informations. Pulling tasks from McAfee HTTP and FTP and pushing to repositories works fine Deployment and managment to our computers also works fine.
But MyAvert stay silent.
The dashboard reports: Master Repository Status No Information Available The latest MyAvert information was not successfully retrieved from McAfee. My Repository DATs and Engines are 5340.000 and 5200.2160. Latest Available DATs and Engines are --. Last Check: Unknown
I don't have an answer for you... but we have exactly the same issue.
Like you, we go through a proxy, and I've checked and double checked until blue in the face. I've an open call with McAfee on this, although it's rather lower priority then a few other calls also open.
TBH - despite the fact that there have only been ten threats shown on this in the past few years, the most usefull aspect is to check that the DAT in the repository is the same as that on McAfee's site If it's not, then I know there's a problem
Tips. I subscribed to McAfee Aleert and I receive a mail every time a new DAT occure (at night) Easy when starting to work at the morning to compare the information from that mail and the ePO dashboard.
I think this is something to do with epo4 authenticating against your proxy.
I had the same problem with epo4 and ISA 2006. Plumbed into epo a user\pass that has internet access, and using IE I could access the URL through the ISA whilst logged on interactively as this user. But MyAvert would not update.
To fix it I had to create a firewall rule in ISA that allowed http traffic from the epo server out to the MyAvert url, but UN-AUTHENTICATED.
Well that's good news... of a sort. It's always good to understand why something doesn't work.
Unfortunately, we use ISA2000 here (yes - we know.... promised replacement coming soon ...) and ISA2000 doesn't allow individual rules - it's all or nothing. Unauthenticated connection to the internet isn't going to happen
While I can understand McAfee accepting unauthenticated traffic for AVERT, why do they have to reject authenticated traffic? I'll ask if this can be looked at.
Oh well - at least I'm now getting the DAT notifications from the list-server - thanks for that tip.
The real issue is that the epo proxy settings either aren't used, or the user\pass is ignored. I personally can't tell whether the proxy server and port settings are used in my environment, as our proxy (ISA2006) is in the default route out of our WAN, therefore traffic will hit ISA regardless of what i put in the proxy sever\port boxes.
The username\password settings are definitely ignored one way or another - I can see this by monitoring all traffic outbound from the epo server to the myavert url on our ISA server. The connection hits the firewall service (as a snat client), bounces to the web proxy service but has a username of 'anonymous'. Despite putting a domain\user\pass in the proxy settings in epo.
So only a non-authenticated oubound access rule will get it working.
since I am having the same problem, one question from my side: did someone of you open a service reqest at McAfee regarding this issue?
I am asking because in our environment - proxy-settings are used when updating the master repository - myavert.avertlabs.com is reachable through our proxy-server, at least when I try it over a webbrowser
from my point of view it should be fixed, and if noone of you opened a service request, I will do it...
of course it is not a "BIG" problem... but it annoys me sad