I think you will not have problems managing clients located in a different AD forest. The main concern here would be to get the McAfee Agent installed on the machines from a different domain. Anyway, there are currently tools that allow you to resolve this, like an embedded agent with a custom account.
Once the McAfee Agent is installed, it will connect to the ePO server or Agent Handler (only available in ePO 4.5) by using its IP address/FQDN/NetBIOS on its specific port, which is defined during the installation. Then the McAfee Agent downloads new policies and tasks from the ePO server and uploads events. All of this traffic is done via SPIPE (a proprietary protocol which works like HTTP), so no domain information is used during these activities. This is the reason why I think you will not have problems during normal agent-to-server communication.
There are some features that you can use to deploy McAfee Agents, like RSD, Active Directory Synch task, and Send Agent Install. These features will require adjustments in order to adhere to the requirements to deploy the McAfee Agent to a machine in a different domain.
Hope this helps.
Thanks Bruno that looks very encouraging.
Apologies for the late reply, but I did not get an email notification about the response for some reason.
If the communication is via "SPIPE", then how does this "transit" through firewalls etc.? Or is it genuinely seen as HTTP and we only need to allow HTTP on the designated communication port for the agent?
Please take a look at the KB https://kc.mcafee.com/corporate/index?page=content&id=KB56111&actp=search&viewlocale=en_US&searchid=1294412092867 in order to obtain more information about SPIPE.
Also take a look at the KB https://kc.mcafee.com/corporate/index?page=content&id=KB66797&actp=search&viewlocale=en_US&searchid=1294412642879 for information about ports that you will need to open in your firewall.