cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 2
‎08-03-2012 10:24 AM

ePO Agent - Service Account Lockout

We have a domain admin service account used to deploy all things McAfee from ePO 4.6.2.

Agent version 4.6.0.1694 - This is the invidual agent I downloaded and imported into ePO- This is the agent I want my clients to use.

Agent version 4.5.0.1810 - I think this comes embedded in the 8.8 VirusScan install that was also imported into ePO

We're a Fed site and must change service acct passwords frequently. It looks like an agent with a bad password is getting pushed out and that locks the service account which then prevents replication.

I've dug through every task and policy for months and called McAfee a few times earlier this year, but have yet to resolve this.

Does anyone know what the steps are to completely remove all McAfee agents from the ePO server including agents embedded in VirusScan installs?

I want to be certain that ePO is deploying ONLY 1 version of the McAfee agent.

ePO server is Windows 2003 R2 SP2

ePO 4.6.2

Clients are XP Sp3 and Windows 7 Sp1

Any help or suggestions are greatly appreciated. My hair is turning gray, but it's not so bad because it's also falling out now.

Thanks,

-Steve

0 Kudos
Reply
1 Reply
Sk1dMARK
Level 11
Report Inappropriate Content
Message 2 of 2
‎08-06-2012 01:29 PM

Re: ePO Agent - Service Account Lockout

Steve,

Are you using Agents with Embedded credentials?  You didn't specify, so I am going to assume that you are not.

First, a little backstory.

When deploying an Agent, ePO uses the credential you specify to connect to the Admin$ share on the system.  Once authenticated, ePO copies the framepkg.exe file to the target and tries to install it using the Local System account.

If you are not using embedded credentials, the place to look for possible offending operations, is in Server Tasks, Automatic Responses, The deploy McAfee Agent option and Synchronization type on the Group Details tab of any folder that is set up to be an AD sync point.

Also, if you are using Rogue System Detection, you will need to check for RSD-specific Automated Responses where you tell ePO to deploy an Agent to systems it finds and determines are Rogues.

To ensure the proper Agent is being deployed, move the Agent version that you want to deploy to a different repository branch and remove any versions from the Master Repository that you do not want to deploy, this should invalidate any deployment tasks as the Agent version specified is no longer where it thinks it is.

You can then go in and point the intended deployment tasks to the proper repository branch to deploy your intended Agent version.  This of this as a way to ensure that only intended deployment tasks will be running.

This should give you a good start.

Hope it helps.

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC