How to prevent DXL Clients from connecting to a Broker after you install McAfee Agent 5.6.0 and later
Last Modified: 2023-05-15 12:33:44 Etc/GMT
Technical Articles ID: KB91155
Environment
Data Exchange Layer (DXL) 6.x, 5.x
McAfee Agent (MA) 5.6.x
Summary
The approach provided below can also be used to support a phased rollout of a product that requires DXL.
IMPORTANT: Use this approach only if no other installed products depend on DXL.
NOTE: When you install a Threat Intelligence Exchange (TIE) Server (DXL Client), a connection to a DXL Broker is essential. If there's no connectivity, the TIE handshake process, which is part of the install process, doesn't complete. As a result, the installation process doesn't complete. The TIE handshake process needs a DXL Broker connection to complete the copy down of TIE certificate files. It's recommended that you create a specific DXL Client Policy for the certificate file copy action to retain DXL Broker connectivity.
Problem
When MA 5.6 or later is installed on a managed system, the DXL Client is also installed. The DXL Client automatically connects to an available DXL Broker.
In some environments, this feature can be problematic when there's only one broker and many managed systems.
Solution 1
DXL 5.x systems with MA 5.6.0 and later installed
To select the systems on which the DXL Client doesn't connect to a Broker when you install MA 5.6.0 or later, perform the steps below:
Solution 2
DXL 6.x systems with MA 5.6.2 and later installed
A new policy setting for DXL 6.x clients allows users to disable DXL communication. To disable the communication via policy, perform the steps below: