3 Replies Latest reply on Feb 12, 2010 3:57 AM by JoeBidgood

    McAfee Desktop Firewall 8.5 & EPO 4.0 Reporting

      Hi

       

      From what I understand and have read the Firewall 8.0 and 8.5 cannot be managed via EPO 4.  I am in the process of upgrading our clients to the latest and greatest versions of VSE with all the patches and hotfixes.  The problem I have is that some of the laptops in the field are running McAfee Desktop Firewall version 8.5 with some possibily running 8.0 !  When upgrading these clients to the latest MA4.5 and VSE8.7 the desktop firewall kicks in prompting the user to allow an update to existing rule.  The issue is that even if you allow it to update the rule it actually doesn't and the only way around it is to go in and remove all rules relating to McAfeef from the firewall policy.  In the longrun we are going to implement HIPS but I need to get full complience first before I can upgrade EPO to 4.5.

       

      Therefore the question is - Is there any way to get a list of clients that have the McAfee Desktop Firewall installed out of either the EPO server or the database.  I have noticed that if you view the system details this will list under installed products FIREWALL8500 but cannot find any reports that will give me what I require.

       

      Thanks in advance to anyone that can assist.

       

       

      Enviroment - EPO 4.0 Build 1333 - 1800 Clients running MA 4.0 & MA 4.5 and VSE8.0 through to VSE 8.7 all with Anti-spy & around 100(?) of these clients are running McAfee Desktop Firewall 8.0 and 8.5.

        • 1. Re: McAfee Desktop Firewall 8.5 & EPO 4.0 Reporting
          JoeBidgood

          You're not going to be able to get this from the ePO query engine, as ePO 4 does not know what the firewall is and so cannot query for it. You should be able to get it from the DB though, as the properties for the firewall should still be being reported. Try something like this:

           

          select el.nodename from epoleafnode el join epoproductproperties ep on

          ep.parentid = el.autoid

          where ep.productcode like 'FIRE%'

           

          Regards -

           

          Joe

          • 2. Re: McAfee Desktop Firewall 8.5 & EPO 4.0 Reporting

            Great, thanks for pointing me in the right direction.  I guessed that this would be the only way.

             

            SELECT     EPOLeafNode.NodeName, EPOProductProperties.ProductCode, EPOProductProperties.LastInstalled, EPOProductProperties.InstalledPath,
                                  EPOComputerProperties.IPAddress, EPOComputerProperties.UserName
            FROM         EPOLeafNode INNER JOIN
                                  EPOProductProperties ON EPOLeafNode.AutoID = EPOProductProperties.ParentID INNER JOIN
                                  EPOComputerProperties ON EPOLeafNode.AutoID = EPOComputerProperties.ParentID
            WHERE     (EPOProductProperties.ProductCode = N'FIREWALL8500')

            • 3. Re: McAfee Desktop Firewall 8.5 & EPO 4.0 Reporting
              JoeBidgood

              That'll work, but will only show you the firewall 8.5 machines, of course - you'll need to modify it for your version 8 machines

               

              Regards -

               

              Joe