cancel
Showing results for 
Search instead for 
Did you mean: 

MyAvert on EPO 4.0(build 1113) Not updating

Hi,
We installed ePO 4 and the latest patch but we donn't see MyAvert informations.
Pulling tasks from McAfee HTTP and FTP and pushing to repositories works fine
Deployment and managment to our computers also works fine.

But MyAvert stay silent.

The dashboard reports:
Master Repository Status
No Information Available
The latest MyAvert information was not successfully retrieved from McAfee.
My Repository DATs and Engines are 5340.000 and 5200.2160.
Latest Available DATs and Engines are --.
Last Check: Unknown

The reporting / MyAvert ... is empty

The MyAvert sttings are:
Update MyAvert Security Threats every 5 Minutes (to test)
Use a proxy
the proxy settings are coorectly filled
port 8801 is open on the firewaal & we can open http://myavert.avertlabs.com:8801/reportservice.asmx

Any Idea what we can test to do it working ?
Michel
ICT ATS Groep
Belgium
20 Replies
MilleRJ
Level 7
Report Inappropriate Content
Message 2 of 21

RE: MyAvert on EPO 4.0(build 1113) Not updating

I don't have an answer for you... but we have exactly the same issue.

Like you, we go through a proxy, and I've checked and double checked until blue in the face. I've an open call with McAfee on this, although it's rather lower priority then a few other calls also open.

TBH - despite the fact that there have only been ten threats shown on this in the past few years, the most usefull aspect is to check that the DAT in the repository is the same as that on McAfee's site If it's not, then I know there's a problem

Bob

RE: MyAvert on EPO 4.0(build 1113) Not updating

It's god te feel that you're not alone ....

Tips. I subscribed to McAfee Aleert and I receive a mail every time a new DAT occure (at night)
Easy when starting to work at the morning to compare the information from that mail and the ePO dashboard.
davei
Level 9
Report Inappropriate Content
Message 4 of 21

RE: MyAvert on EPO 4.0(build 1113) Not updating

I think this is something to do with epo4 authenticating against your proxy.

I had the same problem with epo4 and ISA 2006. Plumbed into epo a user\pass that has internet access, and using IE I could access the URL through the ISA whilst logged on interactively as this user. But MyAvert would not update.

To fix it I had to create a firewall rule in ISA that allowed http traffic from the epo server out to the MyAvert url, but UN-AUTHENTICATED.

Then it worked fine.

RE: MyAvert on EPO 4.0(build 1113) Not updating

Thx Davei
It works fine now
So as you sugested I chnge the rule on our Isa Server 2006 (only port 8801 xas open)
Michel

PS. Here are the new/working properties for an updating Myavert:

Protocol:All outbound (just port 8801 is not enougth)
From: My ePO server
To: MyAvert (URL rule to : http://myavert.avertlabs.com:8801/reportservice.asmx)
Users: All Users (Standard for Authenticate and Unauthenticated)
MilleRJ
Level 7
Report Inappropriate Content
Message 6 of 21

RE: MyAvert on EPO 4.0(build 1113) Not updating

Well that's good news... of a sort. It's always good to understand why something doesn't work.

Unfortunately, we use ISA2000 here (yes - we know.... promised replacement coming soon ...) and ISA2000 doesn't allow individual rules - it's all or nothing. Unauthenticated connection to the internet isn't going to happen Smiley Sad

While I can understand McAfee accepting unauthenticated traffic for AVERT, why do they have to reject authenticated traffic? I'll ask if this can be looked at.

Oh well - at least I'm now getting the DAT notifications from the list-server - thanks for that tip.
davei
Level 9
Report Inappropriate Content
Message 7 of 21

RE: MyAvert on EPO 4.0(build 1113) Not updating

The real issue is that the epo proxy settings either aren't used, or the user\pass is ignored. I personally can't tell whether the proxy server and port settings are used in my environment, as our proxy (ISA2006) is in the default route out of our WAN, therefore traffic will hit ISA regardless of what i put in the proxy sever\port boxes.

The username\password settings are definitely ignored one way or another - I can see this by monitoring all traffic outbound from the epo server to the myavert url on our ISA server. The connection hits the firewall service (as a snat client), bounces to the web proxy service but has a username of 'anonymous'. Despite putting a domain\user\pass in the proxy settings in epo.

So only a non-authenticated oubound access rule will get it working.

MilleRJ - get it upgraded!!! Well worth it....
al_pha
Level 7
Report Inappropriate Content
Message 8 of 21

RE: MyAvert on EPO 4.0(build 1113) Not updating



all outbound?! yikes!
ManuelS
Level 7
Report Inappropriate Content
Message 9 of 21

RE: MyAvert on EPO 4.0(build 1113) Not updating

hello everyone,

since I am having the same problem, one question from my side:
did someone of you open a service reqest at McAfee regarding this issue?

I am asking because in our environment
- proxy-settings are used when updating the master repository
- myavert.avertlabs.com is reachable through our proxy-server, at least when I try it over a webbrowser

from my point of view it should be fixed, and if noone of you opened a service request, I will do it...

of course it is not a "BIG" problem... but it annoys me sad

RE: MyAvert on EPO 4.0(build 1113) Not updating

Hey,

I have the same issue. I agree its not a huge problem, but it would be nice to have it working since its there.

My environment
-No proxy settings
-myavert.avertlabs.com is reachable from my server