
What is Agent server communication?
It is the channel that the server uses to send agent commands. By default, the server listens on port 7919 for JMS, port 8080 for HTTP, and port 8443 for HTTPS. These ports are configured during the server installation. The agent needs to know only the server’s host and JMS port.
What are agent handlers used to?
As a general response, Agent Handlers should be used when: The existing ePO infrastructure needs to be expanded to handle more agents, more products, or a higher load due to more frequent ASCI communication.
What is the purpose of McAfee agent?
The McAfee Agent is the distributed component of McAfee ePolicy Orchestrator (McAfee ePO). It downloads and enforces policies, and executes client-side tasks such as deployment and updating.
Which ports must be open on the internal facing firewall in a customer environment by default for the ePO server to connect to an agent handler in a DMZ?
IMPORTANT: You can open port 443/80 on the firewall to communicate incoming connections to ePO or Agent Handlers with only the external network.
How does McAfee agent communicate with ePO?
McAfee Agent enforces the new policies locally on the managed system and applies any task or repository changes. McAfee ePO uses an industry-standard Transport Layer Security (TLS) network protocol for secure network transmissions. When McAfee Agent is first installed, it calls into the server in 45 seconds.
Where is the McAfee agent log file?
Log locations:
By default, the McAfee Agent logs on Windows client systems are saved in <ProgramData>\McAfee\Agent\Logs . The Windows installation logs on the client system are saved in: %TEMP%\McAfeeLogs – When the McAfee Agent is installed or upgraded manually.
How do I install McAfee agent handler?
- Open the folder where you extracted the contents of the McAfee ePO software installation package.
- Copy the Agent Handler folder to the intended Agent Handler server system.
- Right-click Setup.exe and select Run as Administrator to start the Intel Agent Handler InstallShield wizard.
Is McAfee agent an antivirus?
McAfee Agent is a client-side component of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces endpoint policies and deploys antivirus signatures, upgrades, patches, and new products on enterprise endpoints.
What is McAfee wake up agent?
A wake-up call triggers an immediate agent-server communication rather than waiting for the current interval to elapse. Note: Use System Tree actions to wake up McAfee Agent. There are two ways to issue a wake-up call: Manually from the server — The most common approach and requires an open wake-up communication port.
How does McAfee client proxy work?
McAfee® Client Proxy software helps protect your endpoint users from security threats that arise when they access the web from inside or outside your network. The software, which is installed on endpoints running Microsoft Windows or macOS, redirects web requests or allows them to continue to a proxy for filtering.
References:
- https://www.ibm.com/docs/SS8NMD_6.1.5/com.ibm.ucbuild.doc/topics/arch_agentServerComm.html
- https://community.mcafee.com/nysyc36988/attachments/nysyc36988/epolicy-orchestrator/24561/1/Agent%20Handler.pdf
- https://www.mcafee.com/enterprise/en-us/downloads/trials/epo-mcafee-agent-deployment.html
- https://kc.mcafee.com/corporate/index?page=content&id=KB59218
- https://docs.trellix.com/bundle/agent-5.5.0-product-guide-epolicy-orchestrator/page/GUID-55844A48-573D-4BE5-8252-A6F1C256E85A.html
- https://kc.mcafee.com/corporate/index?page=content&id=KB83694
- https://docs.trellix.com/bundle/epolicy-orchestrator-5.9.x-installation-guide/page/GUID-66329D34-B7B9-4834-B99A-DE786465F29F.html
- https://www.bleepingcomputer.com/news/security/mcafee-agent-bug-lets-hackers-run-code-with-windows-system-privileges/
- https://docs.trellix.com/bundle/agent-5.5.0-product-guide-epolicy-orchestrator/page/GUID-B293A553-C76C-406F-B701-3842F2702EDB.html
- https://docs.trellix.com/bundle/client-proxy-2.3.5-product-guide/page/GUID-559B73C9-BFE7-479D-829F-77B90B947045.html