1 Reply Latest reply on Oct 17, 2016 3:16 AM by deepak.kakkar

    Integration McAfee ATD with Active Response

    leshe4ka

      Hi.

      I integrated McAfee ATD with Active Response therefore management How to integrate ATD 3.6.0 with Active Response

      When you create a report in the ADT, ADT at the end of the report says - Status: Product is not Avaliable

      Explain to someone how should work together with the Active Response and  ATD ?

       

      Drawing with the file analysis with site eicar.com

       

      ATD-1.jpg

      Drawing with the analysis of another file

      ATD-2.jpg

      Now the analysis of the inscription began to appear - No infected host found

        • 1. Re: Integration McAfee ATD with Active Response
          deepak.kakkar

          Product not available is shown when ATD is unable to communicate to the MAR server for some reason.
          Please check if you are able to perform an “Active Response Search” from the ePO.
          If search from ePO is returning proper results then please check DXL Topic Authorization under Server Settings on ePO. Please ensure the following configuration:
          • Active Response Endpoint Response  -   Send Tags: All systems                   Receive Tags: MARSERVER
          • Active Response Endpoint Results    - Send Tags: All systems                   Receive Tags: MARAGG, MARSERVER
          • Active Response Server API        - Send Tags: (custom ATD tag or ATD tag on System tree(Workstation by default))     Receive Tags: MARSERVER

           

          To add it to the Send Tags, follow the steps below:
          1. On the DXL Topic Authorization screen of ePO, click the “Edit” button in the bottom right corner.
          2. Now mark the checkbox corresponding to “Mar Server API”.
          3. Click “Actions” button on the bottom left corner and then “Restrict Send Tags”.
          4. On the pop up select your ATD tag (ATDDXL I guess) and click OK.
          5. Click “Save” on the bottom right corner.

           

          Then check whether issue gets resolved or not.