9 Replies Latest reply on Dec 4, 2013 8:35 PM by QHAFIZ

    McAfee Agents and Distrubited Repositories

    hiteshp

      Hello all,

       

      I am fairly new to McAfee (even though I have attended the Install and Config course a few weeks ago).

       

      Trying to setup a Repository in our DR site as a test bed to see the function of the process as I will be using the UK ePO server as the parent for our overseas offices.

       

      Created the Repository which is going to be one of the DR servers as a HTTP type with a shared area on the server to access the various products.  I have also created a new Agent Repository Policy which I have assigned to a group which only contains the DR servers.  Within the policy, I've set the Repository List Selection to use this list and the Repository list is set to use the DR Repository first, then the ePO server and then the web.  Forced the server agents in DR to wake up and apply the new policy.

       

      My question is, how can I tell if the servers in DR are using the DR Repository server and not the ePO server?

       

      Any help\guidance would be greatly appreciated.

       

      Regards

       

      Hitesh

       

      ePO Server 4.6.6 (Build 176)

      McAfee Agent 4.8.0.887

      VirusScan 8.8.0.975

       

      Message was edited by: hiteshp on 03/12/13 06:08:58 CST
        • 1. Re: McAfee Agents and Distrubited Repositories
          Tristan

          You could try this dashboard created by djjava9

           

          https://community.mcafee.com/docs/DOC-2996

           

          Basically it uses queries against events generated by your clients to build graphs and reports. You can then drill down and view the detailed inforamtion as well.

          1 of 1 people found this helpful
          • 2. Re: McAfee Agents and Distrubited Repositories
            hiteshp

            Hi Tristan,

             

            Thanks for that.  Imported the Dashboard and it worked great.

             

            Only downside is that the other repository I created is not showing.  Which must mean I have missed something.

             

            Any thoughts?

             

            Regards

             

            Hitesh

            • 3. Re: McAfee Agents and Distrubited Repositories
              Tristan

              The dashboard data is built from events generated by clients therefore if the repository is not shown then possibly no events have been generated.

               

              Have you gone through the event logs and check to see which repository is used when one of these remote clients updates.

               

              Another thing to check is in the VirusScan Console itself. 'Tools' -> 'Edit AutoUpdate Repository List' if you remote repository (local to the client) is at the top of the list then you know your client has downloaded the correct policy.

              1 of 1 people found this helpful
              • 4. Re: McAfee Agents and Distrubited Repositories
                hiteshp

                Hi Tristan,

                 

                So it looks like my polcies are being applied and the servers in DR are showing that the DR Repository is definatly the first in line to be used.

                 

                But looking at the logs, I'm getting an error saying naInet Unable to connect to (DR Repository) on port 80.  Looks like the servers are having trouble connecting to the repository using HTTP.  Found a discussion on this site saying that the moved to FTP instead and that worked.

                 

                I'm going to give that a go.

                 

                If you can think of anything else I could try that would be great, but otherwise thank you soo much for your help :-)

                 

                Regards

                 

                Hitesh

                • 5. Re: McAfee Agents and Distrubited Repositories
                  petersimmons

                  https://community.mcafee.com/people/petersimmons/blog/2012/08/29/repository-scie nce

                   

                  Here's a slightly different one that breaks down the usage by repository and by type (install, update,content). And it is a sliding show of hte last 72 hours... because you don't care about the historical just the current.

                  1 of 1 people found this helpful
                  • 6. Re: McAfee Agents and Distrubited Repositories
                    mcafeenewb

                    You most likely have better results with SuperAgent DR's.  No additional services required like IIS or FTP; it's just an agent policy.

                    • 7. Re: McAfee Agents and Distrubited Repositories
                      hiteshp

                      I've noticed that when you go to setup the McAfee Agent General policy, the repository option is to convert all agents to super agents.

                       

                      Is there a way of controlling that?  There are some servers that will not have enough space on the C: drive to host all the products that will be replicated.

                       

                      Regards

                       

                      Hitesh

                      • 8. Re: McAfee Agents and Distrubited Repositories
                        mcafeenewb

                        You do not want to make all of your endpoint DR's , just the 1-2 or however many you need to manage the load in your environment.  Too many DR's is worse than too few.

                         

                        I recommend reading to ePO Best Practice guide for Your version.  It includes a section on DR's the types and a minor guide on sizing. 

                         

                        SuperAgents are the most flexible and most easy to manage. 

                        • 9. Re: McAfee Agents and Distrubited Repositories
                          QHAFIZ

                          "My question is, how can I tell if the servers in DR are using the DR Repository server and not the ePO server?"

                           

                          Answer:

                          - If the policy is propagated correctly to the Agent (in this case your DR Servers), you may refer to SiteList.xml (default path below) and check for Order="1".  Whatever repository having Order="1" should be the repository being contacted by the Agent. In case the Order="1" repository is not reachable, Agent will try Order="2" and so on. In case the Order="1" repository is not up-to-date (DAT etc), the Agent will again try with Order="2" and so on.

                           

                          Additionally, when you open up the "Update Security" (M icon right click), it should show you the name of the repository Agent is trying to connect to.

                           

                          SiteList.xml path:

                          XP, 2003- Documents and Settings\All Users\Application Data\McAfee\Common Framework

                          Win Vista/7/8/2008- C:\ProgramData\McAfee\Common Framework

                           

                           

                          SiteList.xml example:

                          <TypeOfSite (Http, FTP, SuperAgent etc) Type="repository" Name="NameOfTheRepository" Order="1" Enabled="1" Local="0" Server="FQDNOfRepository:Port" ServerName="NetBIOSOfRepositoryServerPort" ServerIP="IPAddressOfRepositoryComputer:Port">

                          <RelativePath>Software</RelativePath>

                          <UseAuth>0</UseAuth>

                          <UserName />

                           

                          Fyi- In case you want to restrict the Agent to pull the update (DAT, Engine, Spamfilters, Product package etc) from any specific repository (and do not want the Agent to go on order basis by Ping Time or Subnet Distance), then select the 'Use Order in Repository List'. This will restrict the Agent to as you arrange the order (as shown in attached file).

                           

                           

                          Hope this helps.

                           

                          Message was edited by: QHAFIZ on 12/4/13 8:35:18 PM CST