cancel
Showing results for 
Search instead for 
Did you mean: 

Splunk report shows SSL errors

Running ePO console version 5.9.1. Had to run a Splunk report against an Remote Agent Handler. It shows numerous SSL issues. Weak Hash Algorithm, SSL version 2 and 3, SSL cert with wrong hostname, SMB signing not required, SSL Cert cannot be trusted and TLS Protocol Crime Vulnerability. How do I clear up these and other SSL cert issues
2 Replies

Re: Splunk report shows SSL errors

My error I should have stated a Nessus scane not a Splunk.

 

Reliable Contributor Nielsb
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Splunk report shows SSL errors

The ePO engineering team has researched the findings and concluded that ePO is not vulnerable to the reported findings because ports 8444 and 443 are not meant for browsing using a browser. They are accessed from the McAfee Agent (MA), or Agent Handler (AH) or other ePO internal service, and the certificate trust is built on OrionCA which is generated per ePO install.

Regarding the warnings, the exception noted for QID 38173 applies:

The ePO server and Agent Handler components communicate only with a restricted set of clients who have the trusted certificate chain. The CA certificate is not available publicly and cannot be verified remotely.

 

McAfee KB article: https://kc.mcafee.com/corporate/index?page=content&id=KB82163&_ga=2.106025603.1871267830.1546851449-...

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator