Hi oh_meh, even if they are untrusted domains you only need to deploy McAfee Agent to them and, if they can reach your ePO server by DNS or IP address, then they will report to it and they will also pull updates from your epo server
Laszlo - I actually didnt know that, i will try that. Thanks for the prompt reply.
A Superagent-based repository will use the existing agent-server communication channel to replicate data, so no further consideration needs to be made regarding protocol.
A distributed repository is generally based on ftp, http or unc which you would have to ensure had the correct ports and credentials right for the respective protocol separately.
If it's untrusted then unc is probably out, but not necessarily ftp or http.
On the most recent versions of ePO & agent you can also look up the term 'lazy cache' and see if that is appropriate in getting updates to your machines.
Think i will give Superdat-based repository a go and see how i get on based on my current set-up.