1 2 3 Previous Next 20 Replies Latest reply on Oct 7, 2008 10:04 AM by Travler

    MyAvert on EPO 4.0(build 1113) Not updating

      Hi,
      We installed ePO 4 and the latest patch but we donn't see MyAvert informations.
      Pulling tasks from McAfee HTTP and FTP and pushing to repositories works fine
      Deployment and managment to our computers also works fine.

      But MyAvert stay silent.

      The dashboard reports:
      Master Repository Status
      No Information Available
      The latest MyAvert information was not successfully retrieved from McAfee.
      My Repository DATs and Engines are 5340.000 and 5200.2160.
      Latest Available DATs and Engines are --.
      Last Check: Unknown

      The reporting / MyAvert ... is empty

      The MyAvert sttings are:
      Update MyAvert Security Threats every 5 Minutes (to test)
      Use a proxy
      the proxy settings are coorectly filled
      port 8801 is open on the firewaal & we can open http://myavert.avertlabs.com:8801/reportservice.asmx

      Any Idea what we can test to do it working ?
      Michel
      ICT ATS Groep
      Belgium
        • 1. RE: MyAvert on EPO 4.0(build 1113) Not updating
          I don't have an answer for you... but we have exactly the same issue.

          Like you, we go through a proxy, and I've checked and double checked until blue in the face. I've an open call with McAfee on this, although it's rather lower priority then a few other calls also open.

          TBH - despite the fact that there have only been ten threats shown on this in the past few years, the most usefull aspect is to check that the DAT in the repository is the same as that on McAfee's site If it's not, then I know there's a problem

          Bob
          • 2. RE: MyAvert on EPO 4.0(build 1113) Not updating
            It's god te feel that you're not alone ....

            Tips. I subscribed to McAfee Aleert and I receive a mail every time a new DAT occure (at night)
            Easy when starting to work at the morning to compare the information from that mail and the ePO dashboard.
            • 3. RE: MyAvert on EPO 4.0(build 1113) Not updating
              davei
              I think this is something to do with epo4 authenticating against your proxy.

              I had the same problem with epo4 and ISA 2006. Plumbed into epo a user\pass that has internet access, and using IE I could access the URL through the ISA whilst logged on interactively as this user. But MyAvert would not update.

              To fix it I had to create a firewall rule in ISA that allowed http traffic from the epo server out to the MyAvert url, but UN-AUTHENTICATED.

              Then it worked fine.
              • 4. RE: MyAvert on EPO 4.0(build 1113) Not updating
                Thx Davei
                It works fine now
                So as you sugested I chnge the rule on our Isa Server 2006 (only port 8801 xas open)
                Michel

                PS. Here are the new/working properties for an updating Myavert:

                Protocol:All outbound (just port 8801 is not enougth)
                From: My ePO server
                To: MyAvert (URL rule to : http://myavert.avertlabs.com:8801/reportservice.asmx)
                Users: All Users (Standard for Authenticate and Unauthenticated)
                • 5. RE: MyAvert on EPO 4.0(build 1113) Not updating
                  Well that's good news... of a sort. It's always good to understand why something doesn't work.

                  Unfortunately, we use ISA2000 here (yes - we know.... promised replacement coming soon ...) and ISA2000 doesn't allow individual rules - it's all or nothing. Unauthenticated connection to the internet isn't going to happen :(

                  While I can understand McAfee accepting unauthenticated traffic for AVERT, why do they have to reject authenticated traffic? I'll ask if this can be looked at.

                  Oh well - at least I'm now getting the DAT notifications from the list-server - thanks for that tip.
                  • 6. RE: MyAvert on EPO 4.0(build 1113) Not updating
                    davei
                    The real issue is that the epo proxy settings either aren't used, or the user\pass is ignored. I personally can't tell whether the proxy server and port settings are used in my environment, as our proxy (ISA2006) is in the default route out of our WAN, therefore traffic will hit ISA regardless of what i put in the proxy sever\port boxes.

                    The username\password settings are definitely ignored one way or another - I can see this by monitoring all traffic outbound from the epo server to the myavert url on our ISA server. The connection hits the firewall service (as a snat client), bounces to the web proxy service but has a username of 'anonymous'. Despite putting a domain\user\pass in the proxy settings in epo.

                    So only a non-authenticated oubound access rule will get it working.

                    MilleRJ - get it upgraded!!! Well worth it....
                    • 7. RE: MyAvert on EPO 4.0(build 1113) Not updating


                      all outbound?! yikes!
                      • 8. RE: MyAvert on EPO 4.0(build 1113) Not updating
                        hello everyone,

                        since I am having the same problem, one question from my side:
                        did someone of you open a service reqest at McAfee regarding this issue?

                        I am asking because in our environment
                        - proxy-settings are used when updating the master repository
                        - myavert.avertlabs.com is reachable through our proxy-server, at least when I try it over a webbrowser

                        from my point of view it should be fixed, and if noone of you opened a service request, I will do it...

                        of course it is not a "BIG" problem... but it annoys me sad
                        • 9. RE: MyAvert on EPO 4.0(build 1113) Not updating
                          Hey,

                          I have the same issue. I agree its not a huge problem, but it would be nice to have it working since its there.

                          My environment
                          -No proxy settings
                          -myavert.avertlabs.com is reachable from my server
                          1 2 3 Previous Next