1 2 Previous Next 10 Replies Latest reply on Jan 20, 2012 8:34 AM by SafeBoot

    If the combination of cwrsync and ePO is going to lock someone's PC

    sunw_dream2000

      then McAfee should investigate on that, right?

       

      Message was edited by: sunw_dream2000 on 1/10/12 10:02:04 PM CST
        • 1. Re: If the combination of cwrsync and ePO is going to lock someone's PC
          JoeBidgood

          Hi...

           

          I'm sorry, I'm not sure exactly what you're asking... are you saying that you have  a problem between cwrsync and ePO? Or are you asking if we investigate product conflicts in general?

           

          Thanks -

           

          Joe

          • 2. Re: If the combination of cwrsync and ePO is going to lock someone's PC
            sunw_dream2000

            Yes, I got problems with cwrsync and ePO, that pushed the encription software Endpoint recklessly to my home PC. I have a company lap with VPN on it. So could you please help to investigate the case?

            • 3. Re: If the combination of cwrsync and ePO is going to lock someone's PC
              JoeBidgood

              We can try     But remember that this forum is not an official support channel - you might need to open a case with support.

              Can you describe exactly what happened, and exactly what the problem is? I'm not aware of any conflicts with cwrsync - I use it a lot in my test environment - and ePO can't have installed EEPC on your home machine unless your home machine was under the control of the ePO server (i.e. it has an agent on it from that server)...

               

              Thanks -

               

              JOe

              • 4. Re: If the combination of cwrsync and ePO is going to lock someone's PC
                sunw_dream2000

                Please open a support ticket for me. I don't know how to. Thanks.

                Here are the details:

                 

                I have a company laptop with VPN installed on it (it also has safeboot on it). Now at home I have a window XP home classic on it (it may have McAfee antivirus installed as well). I put the cwrsync on it, i didn't have much time to do the configuration and set a port forwarding from the router to direct traffic to this home machine.

                 

                One morning when I woke up, trying to use the home machine, I found it was locked by the safeboot - endpoint encription.

                 

                So my guess is that when the VPN was on, the ePO was trying to communicate with the lapy, since the portforwarding was on and the reckless configuration of the ePO server, they thought my home PC belongs to them and push the EEPC onto my home PC.

                 

                The company didn't believe it. Please help.

                • 5. Re: If the combination of cwrsync and ePO is going to lock someone's PC
                  JoeBidgood

                  Hi...

                   

                  Unfortunately I can't open a case for you, as I don't have the ability to validate your details    The easiest approach would be to open a service request at the service portal page, here:

                  https://mysupport.mcafee.com/Eservice/Default.aspx

                   

                  The problem sounds a bit strange, though - as I mentioned before ePO can't install something on your machine unless an agent was installed. It's possible that if your machine appeared on the corporate network, then ePO could detect it as a rogue machine and try to install an agent, but for this to succeed ePO would have to have admin rights on your home machine, which seems unlikely...

                   

                  Open a case with my colleagues - they'll get to the bottom of it

                   

                  HTH -

                   

                  Joe

                  • 6. Re: If the combination of cwrsync and ePO is going to lock someone's PC
                    sunw_dream2000

                    I tried to login in, but it said invalid ID. In this situation, the company has the grant #. 

                     

                    Well, "ePO could detect it as a rogue machine", and why it then install an agent? I mentioned to you, that cwrsync is the key factor, which by default may give write permission.

                    • 7. Re: If the combination of cwrsync and ePO is going to lock someone's PC
                      JoeBidgood

                      I tried to login in, but it said invalid ID. In this situation, the company has the grant #. 

                       

                       

                      In that case, you'll need to get the company grant number ot open a ticket (or get the company to open a ticket for you.)  I think it's important to work with the company ePO administrators here - otherwise there's a chance that this could happen again

                       

                       

                      Well, "ePO could detect it as a rogue machine", and why it then install an agent? I mentioned to you, that cwrsync is the key factor, which by default may give write permission.

                       

                      The Rogue System Detection component of ePO could detect your machine when it connected to the company network, and it can be configured to install an agent on any machines it detects. It doesn't do this by default - the ePO admin has to configure it to do this. However, in order for the agent installation to succeed, the ePO admin needs to know an administrator username and password for your home machine, which I assume they do not - which is why I think it unlikely that RSD is the cause of the agent installation.

                       

                      I think cwrsync is not relevant in this case - we do not use any of the ports or protocols that rsync uses, and even if we did, simply granting write access via rsync (or any other protocol) is not enough to enable an agent installation to succeed - we'd still need local admin rights on the machine.  Instead, I would recommend working with your ePO admins to work out what happened here, so that you can avoid it happening again.

                       

                      HTH -

                       

                      Joe

                      • 8. Re: If the combination of cwrsync and ePO is going to lock someone's PC
                        sunw_dream2000

                        The company tried to deny that, so it is unlikely I would get the grant number from them. This is going to be tougher to prove now.

                         

                        I am lost about what should do. From the other side, if McAfee knows that could happen with cwrsync, then that won't happen either. I think without assumption, please try that on some system. Just follow what I did, I believe you will reproduce that.

                         

                        If you assume that wouldn't happen, just keep saying, "this can't be, this can't be", you will never get there.

                         

                        Plus, the version that is put on my PC has the 5.2.5.0. The database ID shows it is a network installation. How can you explain that?

                        • 9. Re: If the combination of cwrsync and ePO is going to lock someone's PC
                          JoeBidgood

                          While I sympathise with your situation, this seems to be an issue between you and your company, and as such there's not much that we can do

                           

                          From the other side, if McAfee knows that could happen with cwrsync, then that won't happen either. I think without assumption, please try that on some system. Just follow what I did, I believe you will reproduce that.

                           

                          If you assume that wouldn't happen, just keep saying, "this can't be, this can't be", you will never get there.

                           

                          Er - I did test it, and - as expected - was unable to get an agent to install without providing a valid local administrator username and password. The ePO server makes no attempt to connect to to the rsync daemon on port 873.

                           

                          Plus, the version that is put on my PC has the 5.2.5.0. The database ID shows it is a network installation. How can you explain that?

                           

                          I can't, I'm afraid, as we don't have anywhere near enough information - and without the cooperation of the ePO administrators, we will not be able to get it.

                           

                          Sorry

                           

                          Joe

                          1 2 Previous Next