5 Replies Latest reply on Dec 10, 2009 9:34 AM by dthompson76

    VSE 8.7 constantly accessing internet for updates

      Hi,

       

      We have observered that a very large number of our machines are constantly checking on the internet for updates despite the fact we have an epo server set up. Something similar happened a couple of weeks ago when the scan engine update would not install properly, a reboot fixed it for those affected. However now I can see on our firewall that almost all machines on out network are constantly accessing 92.122.x.x or 92.123.x.x addresses for updates. I can see the ones it keeps trying to access are:

       

      /Products/CommonUpdater/Current/PATCHTMP1000/Templates/0000/Ptchscan.scp.zip
      /Products/CommonUpdater/Current/PATCHTMP2000/Templates/0000/PkgCatalog.z
      /Products/CommonUpdater/Current/VSCANENG1000/Engine/0000/PkgCatalog.z
      /Products/CommonUpdater/Current/VSCANDAT1000/DAT/0000/PkgCatalog.z

       

      Why would this be happeneing if we have an epo server set up? The epo server does appear to be working... When I force an autoupdate from the VirusScan console and check the log you can see it is accessing the epo server on our domain. Is there something I've missed in the epo policy or configuration settings?

       

      This is really affecting our bandwidth. To test I have blocked access to the Akamai IPs which host the update files and have seen our bandwidth usage drop by around 60% as a result.

       

      We only use VirusScan Enterprise 8.7 on patch 2 and epo server 4.0. Any thoughts greatly appreciated.

        • 1. Re: VSE 8.7 constantly accessing internet for updates

          I should also add that I have tried reinstalling agents as well.

          • 2. Re: VSE 8.7 constantly accessing internet for updates

            Hi,

             

            Pls config the Updating details (SItes) of Agents, in the Repositorie Tab...

             

            For eg: List set as, use the list,

            select Repositories by (Ping, server locations etc..)

            Then Enter the Update site details as order (How You required...)

            • 3. Re: VSE 8.7 constantly accessing internet for updates

              Thanks for the response. I have checked the area you refer to and ensured that it uses "this repository list" which has the epo repository listed as the top option. We also have McafeeHTTP set up as a fallback. I think perhaps our agents have all been using the fallback option. I have disabled it and now when I try to force an update from the console it says that it cannot find a valid repository.

               

              I have rebooted the epolicy server but it's still not working. Is there some other log I can check as the update log file gives next to no information.

              • 4. Re: VSE 8.7 constantly accessing internet for updates

                The EPO Agent keeps a much more detailed log.

                 

                Under Vista it is here : C:\ProgramData\McAfee\Common Framework\DB

                Under XP etc, I believe it C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\DB

                 

                You are looking for Agent_<Computername>.log (There is also a simpler XML display of the same data if you load the .XML in that directory into Internet Explorer)

                 

                It may contain some sensitive information, so have a quick look before thinking about posting it's contents.

                 

                In it you should see diagnostic information about updates and it can contain clues as to why certain updates are failing.

                • 5. Re: VSE 8.7 constantly accessing internet for updates

                  I'm not sure what went on but it appears to be fixed now. I did re-enable another repository which was listed under the McAfee Agent policy settings so perhaps this solved it. Though no-one has made any changes to epo so not quite sure why it was working before and then stopped. All a bit of a mystery but I have learnt a few things along the way so thanks for the help.