2 Replies Latest reply on Mar 8, 2017 4:48 PM by johnmoe

    Restrict remote log access to ePO administrators only

    mattridd

      Hello,

       

      I have been told that there is a vulnerability in McAfee agent.

      McAfee Corporate KB - Intel Security - Security Bulletin: McAfee Agent update fixes a vulnerability in its remote log vi…

       

      There is a setting that I can check to see whether we are vulnerable, but I cannot find whether this is enabled or not.

       

      Viewing of remote logs is enabled, but I do not know where to look to see if all users can view them or if it actually is restricted to admins.

      Can somebody point me in the right direction?

       

      Thanks,

      Matt Riddler

        • 1. Re: Restrict remote log access to ePO administrators only
          tao

          Check your agent version - Affected Software: McAfee Agent 5.0.x versions prior to 5.0.4.449 - If your agent version is 5.0.4.449 or higher then the vulnerability has been remediated.

           

          As for "Viewing of remote logs is enabled, but I do not know where to look to see if all users can view them or if it actually is restricted to admins." I have yet to discover that feature. Yet, under the McAfee Agent Policy/General tab - Enable remote access to log AND Accept connections only from ePO server. That would mean, the only way ANYONE would be able to access the remote logs is by logging on to the ePO server/opening a web browser on the ePO server and navigating to the remote log.

          • 2. Re: Restrict remote log access to ePO administrators only
            johnmoe

            Restricting the viewing of logs applies to the web interface of the client. If it's restricted to the ePO server, then you can only browse to http://:8081 from the ePO server. If it's not restricted, then you should be able to browse to http::8081 from any system on your network.
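
The two checks described in the replies above, combined into one script. This is an added example, not part of the thread and not McAfee code. It compares an agent version against the 5.0.4.449 threshold and tests whether a client's port 8081 answers a machine that is not the ePO server. The function names are hypothetical, and treating any 2xx HTTP status as "log page served" is an assumption.

```python
import http.client
import sys

FIXED = (5, 0, 4, 449)  # thread: 5.0.x before 5.0.4.449 is affected
AGENT_PORT = 8081       # port named in the thread

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(text):
    """True only for 5.0.x builds older than the fixed build."""
    v = parse_version(text)
    return v[:2] == (5, 0) and v < FIXED

def log_viewer_reachable(host, port=AGENT_PORT, timeout=3.0):
    """True if this machine gets a 2xx HTTP answer from host:port.
    Assumption: a 2xx means the log page was served; refusals,
    timeouts and other statuses count as not reachable."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return 200 <= conn.getresponse().status < 300
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def triage(version_text, reachable):
    """Combine both checks into one finding per client."""
    state = "affected version" if is_affected(version_text) else "not in affected range"
    scope = "log viewer answers this host" if reachable else "log viewer not reachable from this host"
    return f"{state}; {scope}"

if __name__ == "__main__":
    # Usage: python check_agent.py HOST=VERSION [HOST=VERSION ...]
    # Run it from a workstation that is NOT the ePO server.
    for arg in sys.argv[1:]:
        host, _, version = arg.partition("=")
        print(host, "->", triage(version, log_viewer_reachable(host)))
```

A client that reports "log viewer answers this host" when probed from an ordinary workstation is not restricted to the ePO server.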