1- Yes it is secure with SSL.
2- Secure port with encryption by default
3- Client attemps to connect using the following methods in this order: First IP, Second FQDN, Third netbios. If all 3 fail to connect then it fails the ASCI.
Here is the exact information i have received from McAfee Gold Support Team. Kindly find it below with one additional question and answer :
1. If we put McAfee ePO agenthandle in DMZ then the client communication happen with McAfee AH issecure or not? If yes then what is the security parameters it uses.
Comments > Yes. All trafficbetween Agents and the Handler are signed and verified with public/private DSAkey pairs for authenticity. McAfee Agent 4.5 and later use TLS by default.
2. McAfee AH and McAfee ePOcommunication is on secure port with encryption or not?
Comments > The communicationbetween Agent Handler and ePO server happens on Port 80 and 443. SSL protocolis used for the communication to ensure the integrity.
3. Is McAfee AH communicationwith client with FQDN (Host Name)?
Comments > Agent Handler (AH)/ePO server, try to reach the client in the following order:
1. IP Address
3. NetBIOS name
AH / ePO will first try toconnect using the IP address, if the client is unreachable, FQDN of the clientis used to communicate and if both fails, AH/ePO will look for NetBIOS name.
4. Does Agent Handlersecurely communicate with SQL Database? If yes what are the parameters it usesto do the same.
Comments > AH uses ADO/SSLprotocol for secure communication with the SQL Database.