This content has been marked as final. Show 12 replies
Still having the problem?
Helpful or not, I'll leave to you, but I believe ISA Server best practices suggest NOT using any file-based AV on an ISA server - that is, AV that protects the host ISA machine itself.
Perhaps based on the assumption you follow general ISA best practices, including a locked down security template, as few access rules involing the Localhost network as possible, and no RDP to the ISA itself - only 'remote administration' from an ISA console somewhere else on the network, and probably most importantly no web browsing from the ISA itself.
See the ISA 'God' Tom Schinder's blog on the subject over at isaserver.org:-
I run ISA 2006 STD on Windows 2003 R2 SP1 as a back-end firewall. I run epo4 internally managing 600 clients. I have not put any Mcafee AV software on the ISA at all, including the agent.
In summary, if your ISA is setup securely, you don't need file-based AV. If your sever has the spare capacity to take the performance hit that comes with VScanEnt 8.5, then it is probably not going to cause you any problems other than opening up the epo agent-server port and your chosen protocol for picking up updates http\ftp\cifs from the loclhost network.
My two pennies worth as an ISA and epo admin anyway! Good luck!
Yes, still problem until now sad
Thanks for the Advice i really appricated.
You can use it on the ISA but you have te Exclude all the folders that belong to ISA (Program files, Cache) and SQL server (Log folders etc).
Also exclude folders from third party add in software.
We use McAfee SecurityShield for ISA Server.
It works fine.
Hi Snarf Thanks for your info.
Are you mange the ISA using ePO Agent?
ISA Server 2006 SP1: McAfee Agent 4.0, VSE 8.5i Patch 6, SecurityShield 1 Patch 5.
Epo Server 4.0 Patch 2.
Notice that managment for SecurityShield is not supported by Epo 4.0, only Reporting.
Epo 3.6.1 support managment for Securityshield but i dont like it. My advice keep it in standalone managment.
I asked McAfee Tech Support if SecurityShield will become manageable in Epo 4.0.
They said, it will....
Need more info?
If you dont mind could you please share to me which port that we need to open on the ISA? in our current configuration we change all the 8 digit into 9 is this creating another problem?
The communication problem between ISA <> Epo is most of the time that Epo is using a anonymous account to the ISA.
ISA don't like it and blocks the request. Look in the logs.
One rule that allows anonymous HTTP/HTTPS traffic only between Epo and ISA will help.
Add the Epo server as computer/ip address into the ISA server.
Use that computer in this rule.
Lets give it a try.
I am not in the office right now so i can't give you the config we use.
I will post it later.