This content has been marked as final. Show 2 replies
Are the SuperAgents at your remote sites properly updating? Do they report as being available -- check the SiteStat.xml file in your SuperAgent's repository folder and verify that its Status = "Enabled".
I think if the central ePo server has newer versions available than at the SuperAgent, clients will download from the central ePo server.
I'm wondering if the 8-10 am window at your remote site corresponds to your window between updating your ePo repository and replicating the new data to your SuperAgents? Would that explain the traffic you see?
Yah we did look at if the copies of everything on the superagent were up to date and enabled and was fine. Also the AutoUpdate time in the client is in the afternoon on all of the boxes so it wasn't that process (the AutoUpdate logs also always showed the local SA). Most of the machines are turned off at night so my feeling was that time period was related to some +/- delay on something after bootup. With the bandwidth being zapped, the machines would just pile on and it took a while for it to all finish.
But to catch up to my current events, I was digging through the release notes for all of the McAfee products and their patches and noticed that McAfee Agent 4.0 had a bug along the way that was something along the lines of on non-english Windows it would pull full DATs rather than the delta DATs, wasting bandwidth, which was sort of like the issue, not quite, but it was a bug relating to non-english Windows and using too much bandwidth so we said heck with it and threw the newest McAfee Agent at one of the sites and not the other. The one with the newer agent did NOT have this download problem this morning.
So it seems the answer was, they already fixed it. I do think the Czech build of Windows must have been a factor, why I may never know.