1 Reply Latest reply on Sep 12, 2012 8:39 AM by andychips

    Created local HTTP repository for AutoUpdate without ePO - Kachow!

      Ok so this may get a bit lengthy:


      Goal was to get our clients that DO NOT have Internet access talking to a local server to get updates, and we didn't have ePO.  So I decided to try and "trick" the autoupdate to think it was talking to McAfee online by doing the following:


      Wrote a batch file and used a scheduled task from a server that had Internet access to download everything off of McAfee's site daily using WGet and put into C:\McAfee:

      -wget -b --no-host-directories -l 10 -r

      Note: This gave us the full folder structure that McAfee provides







      Configured the clients' local DNS servers and created records for:

      - ftp.nai.com and update.nai.com, both pointing to a local webserver we'll call "MUpdateServer"

      Note: We did this because these are the default settings in each of the clients, and since we don't have anything to change hundreds of clients, we decided to redirect the requests.


      Configured IIS on MUpdateServer to have (you need FTP and HTTP for this to work):

      -website with hostheader listening on port 80 (update.nai.com) pointing to a local directory: C:\McAfee, reachable via http://update.nai.com/products & http://update.nai.com/products/commonupdater

      -enable directory browsing on IIS 7 (Server Manager -> Roles -> Right Click on Web Server (IIS) -> "Add Role Services" -> Check "Directory Browsing")

      -create a virtual directory named products pointing to c:\McAfee

      Note: Test with a browser to make sure files are viewable: http://update.nai.com/products & http://update.nai.com/products/commonupdater

      -ftp site with hostheader (ftp.nai.com) pointing to local directory: c:\McAfee\commonupdater

      Note: Test with a browser to make sure files are viewable: ftp://ftp.nai.com/CommonUpdater


      So now every new client that is deployed looks for both ftp.nai.com and update.nai.com and downloads the updates locally.


      I hope this saves some time and frustration for someone...


      Deepak in the ATX
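
Added example (not part of the original post and not McAfee tooling): every client in this setup depends on the contents of the mirrored directory, so a check run after each sync can hash the tree, diff it against the previous run, and flag empty files or a sync that changed nothing. `C:\McAfee` is the path from the post; the state file name and the function names are assumptions.

```python
import hashlib
import json
import os
import sys


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 and size."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {"sha256": digest.hexdigest(),
                             "size": os.path.getsize(full)}
    return manifest


def compare(previous, current):
    """Diff two manifests; flag empty files and a sync that changed nothing."""
    common = previous.keys() & current.keys()
    report = {
        "added": sorted(current.keys() - previous.keys()),
        "removed": sorted(previous.keys() - current.keys()),
        "modified": sorted(p for p in common
                           if previous[p]["sha256"] != current[p]["sha256"]),
        "empty": sorted(p for p, e in current.items() if e["size"] == 0),
    }
    # On a mirror that is expected to change daily, a run with no differences
    # suggests the download job stalled and clients are getting old content.
    report["unchanged"] = not (report["added"] or report["removed"]
                               or report["modified"])
    return report


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\McAfee"  # path from the post
    # Assumed state file; keep it outside the directory IIS publishes.
    state = sys.argv[2] if len(sys.argv) > 2 else "mirror_manifest.json"
    previous = {}
    if os.path.exists(state):
        with open(state) as fh:
            previous = json.load(fh)
    current = build_manifest(root)
    print(json.dumps(compare(previous, current), indent=2))
    with open(state, "w") as fh:
        json.dump(current, fh)
```

Run it from the same scheduled task, after the download step, and review any "removed" or "empty" entries before clients pick up the new content.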

        • 1. Re: Created local HTTP repository for AutoUpdate without ePO - Kachow!

          Thanks Deepak. The info in your post helped me achieve a similar thing.


          In my case the servers that needed updating were in a DMZ and only had port 80 open to the LAN. I was therefore very limited in what update services they could access.


          So, much like your FTP instructions, I instead created a website on a server on the LAN, set up a scheduled job to FTP the NAI update area down to it and publish it. I used WinSCP to perform the synchronisation as WGET didn't do that very well.


          I then created a new AutoUpdate task in VirusScan Console on each server to get its updates from this HTTP server. All seems to work very well.