McAfee ePO server not displaying updated Product version number

security mcafee
11,378

I haven't found a full answer to the question I have asked, but for anyone who might be struggling with the same issue:

A temporary work around is to harass the ePO server until it complies with the request. If you have more then 3 to 5 machines being affected by this issue, I would recommend doing this in very small batches, as it can affect network performance significantly.

  1. Ensure you can check the agent log either through the web interface on ePO or by RDPing into the affected asset(s). You need to watch the progress being made on the agent to ensure that a "failure" state is not being reported. I.e. "(HIPS install tag) has been applied and will be updated at (scheduled time)." followed closely behind by "Agent failed to update (HIPS version number)"

  2. Remove any Install or Uninstall tags that might be currently applied to the affected machine(s). Ensure that the agent reports that the tags have been removed. If it does not report this, there could be a communication problem between the agent and the server that can be fixed by manually uninstalling the McAfee Agent: frminst.exe /forceuninstall

  3. Tag the affected machines with an uninstall tag for the specific product (HIPS or Policy Auditor, for example). Again, ensure the agent reports the uninstall tag has been applied and will be performed on the next update.

  4. Select the machine(s) and choose "Wake Up Agents". I leave the defaults on "Agent Wake-up Call", 0 minutes, Get full product properties, 0 attempts, 30 seconds retry (automatically retries after failing), abort after 5 minutes.

  5. Watch the agent log. After a minute or two you should see activity being reported back. If this doesn't happen, it should be safe to assume there is a problem with the agent or the machine is having network connectivity problems.

  6. Chose the machine(s) and run: Actions -> Agent -> Update Now.

  7. Again, watch the logs for a few minutes. If there were remnants of the product, you should see messages confirming that the tag successfully removed it.

  8. Clear the uninstall tag.

  9. Run Wake Up Agents and Update Now again to ensure the uninstall tag has been removed completely.

  10. Tag the machine(s) for the install tag and repeat again with "Wake Up Agents", you should see a similar report to Step 3 about it being applied on the next update. Run "Update Now".

  11. If you are lucky, the agent should register that the tag has been applied and the product has been successfully installed. Refresh ePO and it should now list having that product installed. If it does not, wait a few minutes and refresh ePO again. If it's still not listed, do steps 1-11 again until it changes.

Typically, I have to do 3 to 4 cycles of all of the above steps to get the machines to react properly. I don't know why this occurs the way it does...it just does.

If you check the machine's "About" listing individually, it will probably properly list the product, but it wont be listed in ePO. I don't know WHY it doesn't list in ePO, I just know that constantly forcing ePO to acknowledge the product being uninstalled/reinstalled manages to fix it. Sometimes.

Share:
11,378

Related videos on Youtube

Sawta
Author by

Sawta

Updated on September 18, 2022

Comments

  • Sawta
    Sawta over 1 year

    I have recently been given Administrative rights to help maintain ePO on my companies network. From the group of machines that I am in charge of keeping up-to-date, a small amount of these machines do not have the proper McAfee Product information displayed in ePO.

    I have remoted into these machines manually and checked the version numbers for these Products (VSE, Policy Auditor, HIPS, DLP, etc.) and they all list the most up-to-date information for those products, (example, HIPS 8.0.0.2239). I then open up the McAfee Agent Status Monitor Console and select "Collect and Send Props", "Send Events", "Check New Policies" and "Enforce Policies" to ensure that the agent is able to communicate with the ePO server without throwing out any error messages. Everything seems to register fine. When I log back into ePO and check the computer name in System Tree, the computer still shows an outdated version of that product number (HIPS 8.0.0.2151, for example).

    I have tried to tag these systems with Uninstall/Reinstalls to fix the issue, and it worked on two machines, but there is still at least 20 machines that are not registering properly! I've tried this several different times over the course of a week now, giving plenty of time (at least 24 hours) between the uninstall and reinstall but the issue still remains in ePO.

    I've done some searching online and see that other people have been suffereing from this same problem (link), but the only "solution" that has been repeated over and over was to uninstall/reinstall, which like I said before, is not working for some of my machines.

    Any advice would be much appreciated.

    • Schlauge
      Schlauge almost 11 years
      What version of McAfee Agent and also which version of ePO are you using? What is the "last communication time" for the system in question, Does ePO acknowledge the ASCI?
    • Sawta
      Sawta almost 9 years
      My apologies for the extremely late reply: I'm using 4.8.0.1500 currently for all of my machines. For the majority of those machines, they have a check-in time of (today's date). Obviously one or two have agent issues, but, for the majority seem to be communicating properly. They register that tags have been applied for install, but after the install completes it does not reflect the installed software on the server side.
    • Sawta
      Sawta almost 9 years
      Please note: in the answer that I provide below, it ignores the part about the install/uninstall tag "trick" not working. This is because I had to perform very specific actions to get it to work (monitoring the agent closely to ensure it didn't throw out error messages or fail to communicate entirely after a short while). Additionally, sometimes it just...doesn't work and needs to be redone from the beginning several times in order to check in properly.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to manage OAuth flow in mobile application with server
Are compile-time variables secure in flutter?
Why is it bad practice to use an FCM Server Key on a Flutter/Android client?
How to protect Flutter app from reverse engineering
GDPR and personal data
Securely Saving API Keys In Android (flutter) Apps
Android Studio Emulator makes Windows 10 crash
How can I prevent backup for user data in flutter for iOS app?
Flutter/Dart security scans
How to hide API Keys in AndroidManifest.xml