    McAfee agent fails ePO push if Windows firewall is disabled?


      I am just curious if the McAfee agent will have issues being pushed from the ePO if the Windows firewall service is disabled. I noticed in the Agent error logs that it failed to Add CMA to Windows firewall. If I manually install the agent using the frame package install it works no problem.


      Just curious if anyone knows if the firewall service has to be on for the ePO to make the changes so the agent can be pushed. 


      I just enabled the firewall but set the status to off for testing.

          According to your query, if the firewall is enabled, the deployment is successful, and once the firewall is disabled, it fails. If yes:

          It looks like you have added the communication port exclusions (default 80, 443) in the firewall.


          But once you disable the firewall the deployment fails; it looks like something is interrupting the communication.


          Follow the steps below.

          Disable the firewall, and try to telnet from the problem machine as below.

          telnet <ePO server IP> port number (80 and 443).


          Try the same way from the ePO server: telnet <target machine IP> port number (default 80, 443).


          Note: You need to find out the ports configured for communication; for this, click Menu / Configuration / Server Settings and click the Ports tab in the ePO console.

          Check the agent-to-server and secure communication ports configured and try with those ports.


          >> If the telnet is successful.


          >> Then try to deploy the agent from ePO with the firewall disabled, go to the Server Task Log, double-click the deployment and click Subtasks to see the complete error message.

          Share the details of this message, or a screenshot, for assistance.


          Make sure, while trying the above task, that the target machine's admin$ share can be accessed by hostname from ePO.


          From the ePO server, open Start > Run, type \\target machine hostname\admin$ and press Enter to see whether it is accessible.

          The deployment will actually copy the "framepkg.exe" file to this location and say deployment successful.

          If for some reason it fails to copy the package, you will get a failed message.


          For more information on the environmental requirements for agent deployment from ePO, check KB56386 and the direct link below.






            I am not sure if it would be successful if the firewall was disabled. The firewall service was disabled. I tested enabling the service but leaving the settings for the firewall turned off. When the service is stopped you can't write rules to the firewall. I am curious if the service is turned off if it causes problems trying to install the agent.


            I checked the admin$ like you mentioned and I can hit that from the ePO on the target machine and I even saw where it copied over the framepkg.exe. Not sure why it didn't install. That's why I asked about the Windows firewall.


            I have a locked image where I can go and reboot the system and re-try some of this over and over again. There is an old agent installed and I am telling the ePO to install over top of the old one. It copies to admin$ but it doesn't seem like it's running framework.


              There are many environmental requirements to deploy the agent. Below are some of them.


              Environmental requirements for ePO agent deployment from the ePO server
              You must enable the following on the client and the Microsoft Windows networking environment:

              • Network protocols and ports required for machine name resolution
              • ADMIN$ share
              • File and Print sharing
              • Server service
              • Remote Registry service


              Let me know the MA version installed on your client systems, the version you are trying to migrate to, and the OS version.


              As an alternate solution, you can use an AD script to deploy MA.
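
The checks suggested in this thread (name resolution, the telnet port test, the ADMIN$ share, and the listed services, plus the state of the Windows Firewall service the question is about), collected into one script to run from the ePO server. This is an added example, not part of the original posts and not McAfee tooling; the `-Target` parameter, the `Add-Result` helper and the `Up` column are hypothetical names, ports 80 and 443 are the defaults quoted above, and `Get-Service -ComputerName` assumes Windows PowerShell 5.1.

```powershell
# Added example: pre-deployment checks for an agent push, run on the ePO server.
# Assumptions: Windows PowerShell 5.1; -Target and the port list are placeholders.
param(
    [Parameter(Mandatory)][string]$Target,
    [int[]]$Ports = @(80, 443)   # defaults quoted in the thread; confirm on the ePO Ports tab
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Up, [string]$Detail) {
    # "Up" only records resolved / open / accessible / running; it is not a verdict.
    $results.Add([pscustomobject]@{ Check = $Check; Up = $Up; Detail = $Detail })
}

# 1. Machine name resolution
try {
    $ips = [System.Net.Dns]::GetHostAddresses($Target) | ForEach-Object { $_.IPAddressToString }
    Add-Result 'Name resolution' $true ($ips -join ', ')
} catch {
    Add-Result 'Name resolution' $false $_.Exception.Message
}

# 2. TCP reachability of the communication ports (the telnet test from the thread)
foreach ($p in $Ports) {
    $t = Test-NetConnection -ComputerName $Target -Port $p -WarningAction SilentlyContinue
    Add-Result "TCP port $p" $t.TcpTestSucceeded "remote address $($t.RemoteAddress)"
}

# 3. ADMIN$ share, where the push copies framepkg.exe
$share = '\\{0}\admin$' -f $Target
Add-Result 'ADMIN$ share' (Test-Path -Path $share) $share

# 4. Server and Remote Registry services, plus the Windows Firewall service (MpsSvc).
#    MpsSvc is reported for reference: the thread does not settle whether it must run.
foreach ($name in 'LanmanServer', 'RemoteRegistry', 'MpsSvc') {
    try {
        $svc = Get-Service -ComputerName $Target -Name $name -ErrorAction Stop
        Add-Result "Service $name" ($svc.Status -eq 'Running') "Status=$($svc.Status) StartType=$($svc.StartType)"
    } catch {
        Add-Result "Service $name" $false $_.Exception.Message
    }
}

$results | Format-Table -AutoSize -Wrap
```

The `StartType` column separates a firewall service that is disabled from one that is running with its profiles switched off, which is the distinction raised in the question.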




                Thanks for the inputs everyone, it was a big help. I don't have access to the systems in question any more.