I don't have an answer for you... but we have exactly the same issue.
Like you, we go through a proxy, and I've checked and double checked until blue in the face. I've an open call with McAfee on this, although it's rather lower priority than a few other calls also open.
TBH - despite the fact that there have only been ten threats shown on this in the past few years, the most useful aspect is to check that the DAT in the repository is the same as that on McAfee's site. If it's not, then I know there's a problem
It's good to feel that you're not alone ....
Tips. I subscribed to McAfee Alert and I receive a mail every time a new DAT occurs (at night)
Easy when starting to work in the morning to compare the information from that mail and the ePO dashboard.
I think this is something to do with epo4 authenticating against your proxy.
I had the same problem with epo4 and ISA 2006. Plumbed into epo a user\pass that has internet access, and using IE I could access the URL through the ISA whilst logged on interactively as this user. But MyAvert would not update.
To fix it I had to create a firewall rule in ISA that allowed http traffic from the epo server out to the MyAvert url, but UN-AUTHENTICATED.
Then it worked fine.
It works fine now
So as you suggested I changed the rule on our ISA Server 2006 (only port 8801 was open)
PS. Here are the new/working properties for an updating Myavert:
Protocol: All outbound (just port 8801 is not enough)
From: My ePO server
To: MyAvert (URL rule to : http://myavert.avertlabs.com:8801/reportservice.asmx)
Users: All Users (Standard for Authenticated and Unauthenticated)
Well that's good news... of a sort. It's always good to understand why something doesn't work.
Unfortunately, we use ISA2000 here (yes - we know.... promised replacement coming soon ...) and ISA2000 doesn't allow individual rules - it's all or nothing. Unauthenticated connection to the internet isn't going to happen :(
While I can understand McAfee accepting unauthenticated traffic for AVERT, why do they have to reject authenticated traffic? I'll ask if this can be looked at.
Oh well - at least I'm now getting the DAT notifications from the list-server - thanks for that tip.
The real issue is that the epo proxy settings either aren't used, or the user\pass is ignored. I personally can't tell whether the proxy server and port settings are used in my environment, as our proxy (ISA2006) is in the default route out of our WAN, therefore traffic will hit ISA regardless of what I put in the proxy server\port boxes.
The username\password settings are definitely ignored one way or another - I can see this by monitoring all traffic outbound from the epo server to the myavert url on our ISA server. The connection hits the firewall service (as a snat client), bounces to the web proxy service but has a username of 'anonymous'. Despite putting a domain\user\pass in the proxy settings in epo.
So only a non-authenticated outbound access rule will get it working.
MilleRJ - get it upgraded!!! Well worth it....
all outbound?! yikes!
since I am having the same problem, one question from my side:
did someone of you open a service request at McAfee regarding this issue?
I am asking because in our environment
- proxy-settings are used when updating the master repository
- myavert.avertlabs.com is reachable through our proxy-server, at least when I try it over a webbrowser
from my point of view it should be fixed, and if no one of you opened a service request, I will do it...
of course it is not a "BIG" problem... but it annoys me :(
I have the same issue. I agree it's not a huge problem, but it would be nice to have it working since it's there.
-No proxy settings
-myavert.avertlabs.com is reachable from my server