Logon domain name change from mcafee.com to trellix.com
Technical Articles ID: KB96089
Last Modified: 2023-07-18 08:48:28 Etc/GMT
Environment
ePolicy Orchestrator (ePO) - SaaS
ePO - on-premises
Endpoint Detection and Response (EDR)
Trellix Insights
Trellix Mobile Security (TMS)
Skyhigh Security branded products
Summary
NOTE: The information in this article also impacts Skyhigh Security products. For specific Skyhigh Security information, see this Skyhigh Security documentation.
On January 17, 2023, at 11:30 UTC, Trellix and Skyhigh Security changed the fully qualified domain name of their site from mcafee.com to trellix.com. Both Trellix and Skyhigh Security use the trellix.com domain, as they have a shared logon infrastructure. This article applies to all Trellix products, which were formerly branded as MVISION, and all Skyhigh Security branded products.
For the rest of this article, we'll use the phrase "the product" to mean any of the products that authenticate through this shared logon infrastructure.
This change affects the URLs in the following table.
| URL Change | Date | Redirect | Impact | Action |
|---|---|---|---|---|
| https://auth.ui.mcafee.com/ was changed to https://auth.ui.trellix.com/ | January 17, 2023 | No | Unable to access the product. | - Update bookmarks on or before January 17, 2023.<br>- Allow new URLs through your firewall before January 17, 2023. |
| https://login.auth.ui.mcafee.com was changed to https://login.auth.ui.trellix.com | January 17, 2023 | No | SAML / Single Sign-On (SSO) users are unable to access the product through their Identity Provider (IdP). | - SSO customers need to update the IdP configuration on January 17, 2023 (no earlier). See below for further guidance.<br>- Allow new URLs through your firewall before January 17, 2023. |
| https://uam.ui.mcafee.com was changed to https://uam.ui.trellix.com | January 17, 2023 | No | - Unable to access the users and roles page.<br>- Unable to use the Sign-in with Trellix feature of the CloudBridge extension.<br>- Unable to link a tenant for the first time using the CloudBridge Extension.<br>- Unable to link an ePO-SaaS tenant using the Migration extension on an on-prem ePO server using extension version 5.10.0.1518 or lower. | - Upgrade to the new CloudBridge extension when it releases on January 17, 2023.<br>- Upgrade the Migration extensions or implement the workaround documented below on January 17, 2023.<br>- Allow new URLs through your firewall before January 17, 2023. |
| https://api.soc.mcafee.com/cloudproxy/databus/produce was changed to https://api.soc.trellix.com/cloudproxy/databus/produce<br>https://api.soc.us-east-1.mcafee.com/cloudproxy/databus/produce was changed to https://api.soc.us-east-1.trellix.com/cloudproxy/databus/produce<br>https://api.soc.eu-central-1.mcafee.com/cloudproxy/databus/produce was changed to https://api.soc.eu-central-1.trellix.com/cloudproxy/databus/produce<br>https://api.soc.ap-southeast-2.mcafee.com/cloudproxy/databus/produce was changed to https://api.soc.ap-southeast-2.trellix.com/cloudproxy/databus/produce<br>https://api.soc.ca-central-1.mcafee.com/cloudproxy/databus/produce was changed to https://api.soc.ca-central-1.trellix.com/cloudproxy/databus/produce<br>https://api.soc.ap-south-1.mcafee.com/cloudproxy/databus/produce was changed to https://api.soc.ap-south-1.trellix.com/cloudproxy/databus/produce | February 15, 2023 | No | After February 15, traces sent to the McAfee API URL won't reach the cloud proxy. | - Allow the new URLs through your Firewall and Proxy before February 15, 2023.<br>- Go to the ePO Server setting and Cloud Databus tab. Update the Cloud Databus URL to the required Trellix domain as per your tenant region. |
| ui.soc.mcafee.com was changed to ui.soc.trellix.com | February 15, 2023 | Yes | The domain ui.soc.mcafee.com will cease to exist after February 15, 2023. | - Allow the new URLs through your Firewall and Proxy before February 15, 2023.<br>- Bookmark this URL if required.<br>- Update the Trellix EDR Cloud Endpoint Extension version to 22.12.352.1 or later. |
SAML or SSO users should reconfigure their IdP:
Before January 17, 2023, make sure that you have at least one administrator account exempt from IdP so you can continue to have access to the console until you can update your IdP configuration.
After January 17, 2023 11:30 UTC, update your IdP configuration to change the URL from https://login.auth.ui.mcafee.com to https://login.auth.ui.trellix.com.
To make this change in the Microsoft Azure administrator portal (needed), perform the steps below:
NOTE: These instructions are provided as an example, as Azure is a common IdP. Instructions for other IdPs might be similar.
Contact your IdP support team if you're uncertain as to how to make these changes in your IdP and require assistance.
1. Sign into the Azure administrator portal.
2. Select Manage Azure Active Directory.
3. Select Enterprise Applications from the left-side menu.
4. Select the SAML App defined for the Trellix or Skyhigh product that you're using from the list of Enterprise Applications.
5. Select Setup Single Sign-On.
6. Click Edit inside the section labeled Basic SAML Configuration.
7. Modify the Reply URL (Assertion Consumer Service URL) to https://login.auth.ui.trellix.com/sso/saml2/<YOUR ID HERE>
   NOTE: The value in the URL after /sso/saml2 is unique to your tenant and mustn't be changed.
   Example:
   - Before: https://login.auth.ui.mcafee.com/sso/saml2/0oaguwse78gWdlhi02p7
   - After: https://login.auth.ui.trellix.com/sso/saml2/0oaguwse78gWdlhi02p7
8. Click Save.
9. Test SAML SSO to Mv-ePO (Trellix – SaaS).
Here are instructions for exempting a user from your IdP (optional):
NOTE: We recommend that you always have at least one user exempt from IdP so that if a problem occurs with the IdP, you still have access to the product. While these steps aren't needed, we recommend them so that you can retain access to the product while you're in the process of updating your IdP configuration. These steps can be completed before January 17, 2023.
1. Access the product.
2. Enter this URL in your browser: https://uam.ui.mcafee.com/idp_config.html#!/
3. Select the Exempt from SSO option next to one or more users with administrator rights.
4. Click Save Changes.
5. Log off from the product.
6. Navigate to https://auth.ui.trellix.com/.
   NOTE: This URL was changed from https://auth.ui.mcafee.com/ to https://auth.ui.trellix.com/ on January 17, 2023.
7. Confirm that you can access the product using the user you exempted from SSO in step 3 above.
Hybrid communication via Trellix CloudBridge:
Upgrade to CloudBridge extension version 2.1.0.460, which was released on January 17, 2023.
NOTE: This domain name change only affects customers who use the Sign In with Trellix feature of the CloudBridge extension, such as Trellix Insights customers. Also, after 11:30 UTC on January 17, 2023, users who try to link on-prem ePO to a tenant using the CloudBridge extension for the first time will have to upgrade the extension. If the CloudBridge extension is already linked to your tenant, it'll continue to function after the domain change.
Changes needed for any custom integration scripts
The following URLs will be changed to the new domain. If your script contains any of the following McAfee domains, you must change them to the Trellix equivalent after January 17, 2023.
| Region | McAfee URL | Trellix URL |
|---|---|---|
| USW | soc.mcafee.com | soc.trellix.com |
| Frankfurt | soc.eu-central-1.mcafee.com | soc.eu-central-1.trellix.com |
| USE | soc.us-east-1.mcafee.com | soc.us-east-1.trellix.com |
| SYD | soc.ap-southeast-2.mcafee.com | soc.ap-southeast-2.trellix.com |
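Added example (not part of the original article and not Trellix code): a Python check for custom integration scripts and SAML Reply URLs that rewrites only the hostnames this article lists and keeps the path, including the tenant ID after /sso/saml2/, unchanged. A blind replace of mcafee.com with trellix.com would also rewrite hosts the article never mentions, so those are reported for manual review instead. The function names, the sample text and the host unlisted.mcafee.com are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Legacy hostnames listed in this article; no other *.mcafee.com host is rewritten.
LEGACY_HOSTS = {"auth.ui.mcafee.com", "login.auth.ui.mcafee.com", "uam.ui.mcafee.com",
                "api.soc.mcafee.com", "ui.soc.mcafee.com", "soc.mcafee.com"}
LEGACY_HOSTS |= {f"api.soc.{r}.mcafee.com" for r in
                 ("us-east-1", "eu-central-1", "ap-southeast-2", "ca-central-1", "ap-south-1")}
LEGACY_HOSTS |= {f"soc.{r}.mcafee.com" for r in ("eu-central-1", "us-east-1", "ap-southeast-2")}

# Match whole hostnames only: "auth.ui.mcafee.com.example.net" must not match.
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+mcafee\.com)(?!\.?[\w-])", re.I)

def new_host(host):
    """Return the Trellix hostname for a listed legacy host, else None."""
    h = host.lower().rstrip(".")
    if h not in LEGACY_HOSTS:
        return None
    return h[:-len("mcafee.com")] + "trellix.com"

def migrate_url(url):
    """Swap only the hostname; scheme, userinfo, port, path and query are kept."""
    parts = urlsplit(url)
    target = new_host(parts.hostname or "")
    if target is None:
        return url  # unlisted or lookalike host: leave untouched
    userinfo, at, _ = parts.netloc.rpartition("@")
    port = "" if parts.port is None else f":{parts.port}"
    return urlunsplit(parts._replace(netloc=f"{userinfo}{at}{target}{port}"))

def scan(text):
    """Return (line_no, legacy_host, replacement_or_None) for each *.mcafee.com host."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in HOST_RE.finditer(line):
            findings.append((n, m.group(1).lower(), new_host(m.group(1))))
    return findings

# Constructed sample of an integration script's settings (not from the article).
SAMPLE = """\
EDR_API=https://api.soc.eu-central-1.mcafee.com/cloudproxy/databus/produce
ACS=https://login.auth.ui.mcafee.com/sso/saml2/0oaguwse78gWdlhi02p7
OTHER=https://unlisted.mcafee.com/some/path
LOOKALIKE=https://auth.ui.mcafee.com.example.net/login
"""

if __name__ == "__main__":
    for n, old, new in scan(SAMPLE):
        print(f"line {n}: {old} -> {new or 'NOT LISTED, review manually'}")
```
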
TMS Changes (Formerly MVISION Mobile)
If you use ePO on-premises to access your TMS console, this function won't work after January 17, 2023. A new extension will be released tentatively in Q1 2023 to resolve this issue. Until then, you can access the TMS console by signing in at https://auth.ui.trellix.com.
Changes needed for ePO-SaaS Migration Extension
The ePO-SaaS migration extension (formerly known as MVISION ePO Migration Extension) is used to migrate endpoints from on-prem ePO to ePO-SaaS. A new extension will be released tentatively in January 2023. If you can't upgrade the extension, you can implement the following workaround on the older extensions:
- Use SQL Server Management Studio to open a query window, and select the primary ePO database.
Related article: KB67591 - How to run a SQL script provided by Technical Support against the ePolicy Orchestrator database.
IMPORTANT: If you're using ePO 5.10, do not select the events database. The script does not work properly unless it's run against the primary database.
- Run the following script:
UPDATE OrionServerPropertiesMT SET [Value] = 'https://uam.api.trellix.com/prod/api/v1' WHERE [Key] = 'uam.url'
Your migration extension will now work with the new URL.