7 Replies Latest reply on Dec 2, 2009 5:18 AM by JoeBidgood

    MyAvert Security Threats

      OK, I have seen many folks report this isn't working...so is there a fix or is it just out dated? Anyone from McAfee out there???

       

      This is referring to the Master Repository Status monitor under dashboards (just so you know)  ;o)

       

      Running ePO 4 Patch 5

       

      Thanks!!

        • 1. Re: MyAvert Security Threats
          JThomas

          There are no issues with the MyAVERT status on dashboard. I checked my server and it is working.

          On the ePO Server, first check if you are able to connect to the AVERT website using the following URL:
          http://myavert.avertlabs.com:8801/reportservice.asmx?wsdl

           

          Also check orion.log to see if the task is running.

          (Program files\McAfee\ePO\Server\Logs\Orion.log

          • 2. Re: MyAvert Security Threats
            tonyb99

            I have this issue with epo 4 patch 5 due to my upstream network devices and filtering, been through all the fixes and firewall alterations and ended up with the one that says... move to epo 4.5

            Given up on it working on that box, got another box on a nearby network that has a different route out and that works just fine so I can always check it if I need to.

             

            MyAvert Security Threats is more trouble than its worth for me

            • 3. Re: MyAvert Security Threats

              I can connect to the link you sent and I am attaching the orion.log in hopes you may see the issue.

               

              Thanks!

              • 4. Re: MyAvert Security Threats
                JThomas

                There are no entries for the MyAvert task in the attached orion.log.

                 

                It only has entries related to HIPS :  Malformed rule string detected.  Ignoring.
                java.text.ParseException: Unparseable date: "

                 

                Set the AVERT task to run with every 2 minutes and then grab the orion log immediately after that time.

                • 5. Re: MyAvert Security Threats
                  Laszlo G

                  Security threats has never been working on any of my ePO 4.0 patch 5 servers, I can only see it working on my other ePO 4.5 boxes and there it works fine, receiving new alerts every few days.

                   

                  Of course the myavert task is working on the ePO 4.0 boxes but I can only see alerts from years 2002-2003-2004 (ePO 4 didn't even exist at this time if I'm not wrong) so I can imagine the alert service has never worked on ePO 4.0 machines or it has worked in very rare cases

                  • 6. Re: MyAvert Security Threats
                    JoeBidgood

                    ulyses31 wrote:


                    Of course the myavert task is working on the ePO 4.0 boxes but I can only see alerts from years 2002-2003-2004 (ePO 4 didn't even exist at this time if I'm not wrong) so I can imagine the alert service has never worked on ePO 4.0 machines or it has worked in very rare cases

                     

                    It's not that it's never worked - it's just that in ePO 4, the avert alerts are reporting on different things

                    ePO 4 only alerts on threats that go to a status of Medium - On Watch or higher - and we have not had one of those for years, which is why it looks lik it is never updated.

                    ePO 4.5 reports on a much wider range of information.

                     

                    Regards -

                     

                    Joe

                    1 of 1 people found this helpful
                    • 7. Re: MyAvert Security Threats
                      Laszlo G

                      Thanks Joe.

                       

                      I've just seen, as you said, that only medium or higher alerts are reported on ePO 4.0 and all alerts that I see now on ePO 4.5 are only lo-profiled