cancel
Showing results for 
Search instead for 
Did you mean: 
Quitch
Level 7
Report Inappropriate Content
Message 1 of 8

ePO Agent Key Updater

This is one of the options for updates. What component does it represent, or rather what does this component represent?
7 Replies

RE: ePO Agent Key Updater

i'm encountering this as well. anyone can help?

RE: ePO Agent Key Updater

I'm not really sure, perhaps it's used to manage the public key used between ePO server and McAfee Agents...?

RE: ePO Agent Key Updater

I know this is an old thread, but I'm curious to know what this is as well.

Anyone?

RE: ePO Agent Key Updater

The below is in ePO's product guide, may be able to help you guys.


Agent-server secure communication (ASSC) keys
• The first time the agent communicates with the server, it sends its public key to the server.
• From then on, the server uses the agent public key to verify messages signed with the
agent's secret key.
• The server uses its own secret key to sign its message to the agent.
• The agent uses the server's public key to verify the agent's message.
• You can have multiple secure communication key pairs, but only one can be designated as
the master key.
• When the client agent key updater task runs (ePO Agent Key Updater 3.5.5), agents
using different public keys receive the current public key.
• If you are upgrading from ePolicy Orchestrator 3.6 or earlier, a legacy key is retained. If
you are upgrading from ePolicy Orchestrator 3.6.1, the legacy key is the master key by
default. If you are upgrading from ePolicy Orchestrator 4.0, the master key is unchanged.
Whether or not you upgrade from version 3.6.1 or 4.0, the existing keys are migrated to
your ePO 4.5 server.

Re: RE: ePO Agent Key Updater

So... does this mean there's no need to enable this update task if we're running ePO 4.5, upgraded from 4.0. As I understand the guide's extract, ePO 4.5 migrates the server key thus there should be no need for this update task, right?

I'm going to go with "if it ain't broken, don't touch it" approach, but would still like to understand as many of the features as possible.

Thanks.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: RE: ePO Agent Key Updater

Ideally, you would want to keep the Key Updater enabled. This will run if there is a change in the keys (e.g you promote a new master key). If you disable this component, the agents will not be able to stay up-to-date with the latest keys.

looc
Level 7
Report Inappropriate Content
Message 8 of 8

RE: ePO Agent Key Updater

Hello

Yes this updates keys, but should i enable this option?

Is this enabled in you´r installation? and if i enable or not is there any problems whith that?

Now it´s not enabled in update task.

I´m running epo 4.5, vs 8.5 and agent 4.0 with all the latest SP:s