6 Replies Latest reply on Dec 20, 2015 1:55 AM by tkinkead

    DAT updated on client machine but in EPO not communicated and older DAT

    kumar.raja67

      Dear Team,

       

      We have found one machine with latest DAT and McAfee framework services running.

       

      But from EPO the same machine is not communicate older than 2 months,.But in local machines it is updating DAT with our configured repository servers.

       

      Our question is, Agent is not healthy in EPO server.Then how endpoints taking update with the SAR repository server.

       

      COuld you please update me how the update is happening in endpoints.

       

      Regards,

       

      Kuraj

        • 1. Re: DAT updated on client machine but in EPO not communicated and older DAT
          tkinkead

          Do you have McAfeeHttp configured as a fallback repository?  The client is likely updating directly from the Internet.

           

          If the repositories haven't changed since your endpoint received the latest policy, the client can still likely pull updates from those repositories, even if the Agent is not communicating that update back to ePO.  The Agent knows where the distributed repository is and is still able to communicate with that repo to pull updates.

           

          I have about 17,000 endpoints and I'd say we have a couple dozen Agents every week lose contact with ePO.  It's normal, and the Agent likely just needs to be re-installed.

          • 2. Re: DAT updated on client machine but in EPO not communicated and older DAT
            kumar.raja67

            Hi Team,

             

            If agent not communicating in EPO then how endpoints still able to communicate to pull the updates.

             

            Is there any local cache for taking update via repository pull updates? Give me some more clarity on this process.

             

            is there any file location the updates are invoking to endpoints.

             

            Regards,

             

            Kuraj

            • 3. Re: DAT updated on client machine but in EPO not communicated and older DAT
              tkinkead

              The Agent doesn't forget its previous tasks just because it can no longer communicate with ePO.  It will still execute the tasks that were defined when the Agent lost communication.  If one of those tasks is an update task, the update task will execute.

               

              The Agent/VSE may also be using the McAfeeHttp repository to pull DAT updates directly from the internet.

              • 4. Re: DAT updated on client machine but in EPO not communicated and older DAT
                thoom2027

                Hello Friend,

                Surely your eGO is with some communication problems with the machines or it is failing to update the DAT on the internet.

                Then do the following procedure:

                1 - enters the ePO, navigate to MENU - Server Settings - Select Source Sites and copy the address as the image below:

                 

                 

                 

                epo_1.png

                2 - Paste the address in the browser and verifies that opens the page below:

                 

                epo_2.png

                 

                3 - Go in MENU - SERVER TASKS - then immediately force the update task repository and and verifies that it is updated.

                • 5. Re: DAT updated on client machine but in EPO not communicated and older DAT
                  kumar.raja67

                  Dear All,

                   

                  As per your update, McAfee agent will have the tendency to save the task when the first time agent communicate with EPO on endpoints.

                   

                  From example from the 5 day the agent corrupted in endpoints. Even you are saying from the local copy of task will invoke and update the latest DAT on endpoints..right.

                   

                  How the endpoint will invoke and update DAT on the agent corrupted endpoints with EPO / Distributed / AH ? or it will take update only with Mcafeehttp site?

                   

                  One more query, agent corrupted machine you told me the agent doesn't forget the previous task. so it is taking update even it is not communicated with EPO. How about the policies, newly created policies will not aplliy on those endpoints right?

                   

                  Regards,

                   

                  Kuraj

                  • 6. Re: DAT updated on client machine but in EPO not communicated and older DAT
                    tkinkead

                    How the endpoint will invoke and update DAT on the agent corrupted endpoints with EPO / Distributed / AH ? or it will take update only with Mcafeehttp site?

                    A scheduled task will be stored locally on the Agent.  The system doesn't have to communicate with ePO to pull an updated DAT file from the repository, so it will likely try the repository first, and then move to McafeeHttp. 

                     

                    One more query, agent corrupted machine you told me the agent doesn't forget the previous task. so it is taking update even it is not communicated with EPO. How about the policies, newly created policies will not aplliy on those endpoints right?

                    Correct, policies will not be applied.  Changing policies requires communication with ePO.