Andrew we had a similar issue previously but it was attributed to our web security gateway (proxy) server. In our case our proxy trickle feeds the download to the user (to give them the impression the download is doing something) while full file is downloaded in the background so the necessary security scans can be performed before releasing to the user. What we found was happening is the file download from McAfeeHttp by the proxy was not completing so the user (ePO in this case) was left with only part of the file. As a result the validation of the file size/checksum failed and with it the Update Master Repository task. If you are using a proxy server on your network you could potentially ask your network admins to add the McAfee updates site to bypass. Failing that if there is nothing bleedingly obvious in your ePO logs you might need to perform some traffic monitoring.