1 Reply Latest reply on Jan 19, 2010 9:24 AM by tonyb99

    McAfee Agent Activity Log - Best Practices

    runcmd

      I'm seeking the opinion of other McAfee System Administrators on allowing remote access to the Agent Activity Log from computers other than the ePO on port 8081.  Were their any security concerns that influenced your decision to publish or not publish the agent log?  On one hand, it is convenient to be able to open a web browser and check the status of an agent.  On the other hand, some of the information I was able to pull from the Agent Log and NaPrdMgr logs includes: Scheduled Tasks, MA and VSE version, DAT & Engine version, installation path on the client, IP address of the ePO & on what port it's listening, O/S type, number of CPUs, CPU speed, number of hard drives, physical memory, Time Zone, domain name, etc.  There are also sections of the PrdMgr log that look like they may indicate what features of VirusScan are enabled--such as the lines containing "ProdMgr SetPropertyA VIRUSCAN8700".  This could be very valuable reconnaissance information about one's environment for a bad guy.  What are your thoughts?  Thanks!