chares
Level 9
Message 1 of 10

Script - McAfee Agent ports and services for Windows

Hi There,

I just wanted to share with the community a little something that somebody would probably find useful.

Attached to this post I leave you a script that you can run through GPO or manually on a Windows PC/Server that does the following:

  • Allow ICMP (Ping)
  • Open ports 8443, 9443, 8083, 8084, 8441, 8444 (Ports defined for ePO) --> you can change this in the script
  • Open WMI/share related ports (135, 445, 4168, 9256)
  • Enable/Start McAfee Agent needed services (DCOM, Remote registry)
  • Enable/Start Windows Remote Management services (WinRM, RPC, WinMGMT, RPCS)

This works for any NT-based Windows higher than 2000, as it checks first for its kernel version before running.

This is quite useful for large environments where you can't have people checking for all this in the machines.

This has been run in 5 infrastructures with more than 1000 machines each, so it's been quite tested.

The script has the descriptions in Spanish; if somebody wants it in English, I'll be happy to modify it.

I hope that this can be made sticky, so that everyone can benefit from it.

Cheers and happy ePO'ing

9 Replies
alexn
Level 14
Message 2 of 10

Re: Script - McAfee Agent ports and services for Windows

Perfect.

Chares, if I just use netsh firewall set portopening tcp 8443 "McAfee 8443" enable all, it tells me "Command executed successfully however netsh firewall is deprecated. use netsh advfirewall firewall instead". Could you tell me what that means, and has it opened the port I requested?

Thank you.

chares
Level 9
Message 3 of 10

Re: Script - McAfee Agent ports and services for Windows

Hi Alex,

Yes, it has opened the port.

However, on Windows versions superior to Vista, "netsh firewall" has been replaced by "netsh advfirewall",

since the command advfirewall lets you even control the firewall through CMD from the network, from and to another computer.

It does the same trick, but it is always recommended to use advfirewall.

Cheers,

chares
Level 9
Message 4 of 10

Re: Script - McAfee Agent ports and services for Windows

You can also ensure that the port is opened by doing a "telnet -IP- -Port-" (telnet 192.168.0.1 8443), and if the screen goes black with the writing character, the port is open.

You can also get inside the advanced firewall management panel through Windows "manage" or "server manager", and check if the rule, under the name you specified, has been created and enabled.

Remember that OSs superior to Vista have 3 profiles (Domain, Private and Public), so you can add extra parameters like these with advfirewall.

2 useful tools to check machines quickly are the network scanner from softperfect (which you can configure to check for ports) and pinginfoview.

These tools will be useful for diagnosing access to the machines, checking that the admin$ share is enabled, and also to see if you have DNS errors, which affect how ePO communicates and sees the machines.

Message edited by: chares on 06/06/13 10:06:46 CDT
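
Added example (not part of chares's posts or of the attached script): the advfirewall form of the port rules discussed above, limited to one firewall profile and one remote address, followed by the two checks from Message 4 (rule present, port reachable). The ePO address 192.0.2.10, the rule names and the Test-TcpPort helper are assumptions made for this example; the port list is the one from the first post.

```powershell
# Added example, not the script attached to the first post. Run from an elevated prompt.
# Assumed values: $EpoServer is a placeholder; the rule names are this example's own.
$EpoServer = '192.0.2.10'                        # placeholder, replace with your ePO server
$Ports     = 8443, 9443, 8083, 8084, 8441, 8444  # port list from the first post
$FwProfile = 'domain'                            # domain, private, public or any

foreach ($port in $Ports) {
    $name = "McAfee_ePO_TCP_$port"               # no spaces, so nothing to quote for netsh
    # Delete any earlier copy first so repeated runs do not stack duplicate rules.
    netsh advfirewall firewall delete rule name=$name | Out-Null
    # Inbound allow rule, limited to one profile and to traffic from the ePO server.
    netsh advfirewall firewall add rule name=$name dir=in action=allow protocol=TCP `
        localport=$port profile=$FwProfile remoteip=$EpoServer | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Rule $name was not created (netsh exit code $LASTEXITCODE)"
    }
}

# Check 1: show what was actually created (enabled state, profiles, remote IP scope).
netsh advfirewall firewall show rule name=McAfee_ePO_TCP_8443

# Check 2: TCP connect test standing in for "telnet <IP> <port>". Run it from the
# machine that has to reach the target, not on the target itself.
function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Target, $Port, $null, $null)
        # No answer within the timeout usually means the traffic was dropped.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)             # throws if the connection was refused
        return $true
    }
    catch   { return $false }
    finally { $client.Close() }
}

# Usage (constructed target address):
#   $Ports | ForEach-Object { '{0}: {1}' -f $_, (Test-TcpPort -Target '192.0.2.50' -Port $_) }
```

Test-TcpPort returns True only when the firewall allows the connection and a service is listening on that port, so a False result on a machine where the rule exists can simply mean nothing is bound to the port yet.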
alexn
Level 14
Message 5 of 10

Re: Script - McAfee Agent ports and services for Windows

2 useful tools to check machines quickly are the network scanner from softperfect (which you can configure to check for ports) and pinginfoview.


I appreciate this sharing. I would like to add that tcpview is also a good tool to get info on which port is being used by what application, and no doubt tcpcon.

Re: Script - McAfee Agent ports and services for Windows

I would like to see one in English if you would. I noticed some of the commands were in Spanish and not just the comments. This is something that I might just be using as I need to roll out McAfee to my company. Thanks for the hard work and graciously giving it away.

chares
Level 9
Message 7 of 10

Re: Script - McAfee Agent ports and services for Windows

Hi Crackerdan,

The script has no commands in Spanish, only comments and the names of the rules. You only have to change the naming of the rules inside the "....." if you want them in English.

You also gotta change the ports to whatever you establish to be your client <-> server ports.

All of this can be made through GPO, although it is a bit more complicated.

I'll later upload a newer version with services that were missing that sometimes the agent requires.

Re: Script - McAfee Agent ports and services for Windows

Thank you. I think just seeing any Spanish scared me.

Re: Script - McAfee Agent ports and services for Windows

I ran your batch file on a couple systems and then was able to push the agent and install VSE.  I wasn't able to ping but it allowed me to push the software.  I made no changes to your script just ran it as an administrator.

Re: Script - McAfee Agent ports and services for Windows

I used Google Translate and translated.  Maybe someone could check my work.