4 Replies Latest reply on May 21, 2014 5:41 PM by benimble

    Assistance Needed !!!!!

    benimble

      Good Afternoon,

      I work on a large network that employs McAfee security. We have been having a lot of issues with corrupt files or an issue with the ePO Server. Once a local machine does not receive an update for 7 days or so, McAfee will lock out the computer and block all incoming traffic. We cannot even ping the local loopback and it states "General Failure". We have uninstalled and reinstalled and it just brings us back to the same issue over a short period of time. We have logged on in safe mode and replaced the McAfee files and that is also only a temporary fix. Once we try to bring up the local client and push the policy/information to the ePO server, the connection does not go through because everything is locked down. On a few occasions, we have been able to connect to the ePO server and then it gets the updates and it is fine, but that is rare. We have a lot of users that go to different locations and use VPNs that seem to be a target of this issue since it is occurring more frequently. Is there anything I can do on a local machine itself to get around this or even from the server aspect to avoid this? Anything helps and it really is greatly appreciated. Thanks in advance.

      Jack

        • 1. Re: Assistance Needed !!!!!
          Laszlo G

          Hi benimble, what McAfee software are you using on your computers? This looks related to the NAC client and its policies.

          • 2. Re: Assistance Needed !!!!!
            benimble

            Laszlo,

            We use the McAfee enterprise on all of our clients. We do use HBSS, but do you think that the issue lies in the NAC Client?

            -Jack

            • 3. Re: Assistance Needed !!!!!
              fuzziest

              I can think of a scenario that would do this.

              In our environment, we have a server task on the ePO that checks for "inactive" clients.

              We consider anything that hasn't communicated with the ePO server for 30 days to be "inactive" (I don't know why 30 days).

              It looks like your policy is 7 days.

              If the server detects an inactive client, it will move it to a special group that we created called "Inactive Agents".

              Assuming that your ePO is set up similarly, if the firewall policy applied to the "Inactive Agents" group is set to deny all traffic, then that could be the cause of your problem.

              If that were the case, you could modify the firewall policy on the inactive agent group to allow the clients to communicate with the ePO server only.

              • 4. Re: Assistance Needed !!!!!
                benimble

                Fuzziest,

                We have our network set up kind of similar, but the first 7 days they are flagged as "rogue" and then after 14 days they are deleted. Once they are considered "rogue" and everything gets locked down, the only communication that exists is from the client to the ePO server. We can send the props/policies still but nothing else. These clients are all on the domain and receive patches and everything else, but we are still running into this issue even when clients are plugged in. If they are inactive and still connected to the ePO server then something is missing somewhere. Any ideas? Thanks in advance.

                -BeNimble