Even when MA is not connected to an internal network, it can perform the following functions:
- Enforce previously applied product policies
- Generate client and threat events
- Update content (such as AMCore, DATs)
Direct or indirect access to an internal network, through tunneling or VPN, allows all functions to continue unimpeded as normal. But when managed MA endpoints are not connected to an internal network, some features are not available or require other configuration, as follows:
Agent-server communication
- The agent-server communication interval (ASCI) fails unless a network connection is available from the MA to an Agent Handler. The route is determined by the client's handler assignment list, and at least one Agent Handler in that list must be externally available.
- MA continues to generate and store client and threat events, but it cannot upload them to a handler until network access is restored.
- Compliance queries and dashboards in the ePO console can change to show noncompliance. The status changes if the last communication time, content version, or other properties sent during ASCI are used as compliance criteria. This status change is most visible in an environment where many endpoints can no longer reach the ePO server.
Content updates
- By default, MA repository policies contain the McAfeeHttp fallback repository. This repository is externally available to endpoints connected to the internet. The source repository (update.nai.com) contains content updates such as AMCore, Exploit Prevention Content, and DATs, but it does not contain product installers or product updates.
- To verify whether your endpoints have the McAfeeHttp fallback repository available as an option, review the policy settings in your ePO console:
  - Log on to the ePO console.
  - Navigate to the Policy Catalog.
  - View the McAfee Agent - Repository policies assigned to the endpoints. If the McAfeeHttp fallback repository is listed and shows as Enabled, updating content while off the internal network is possible.
- Client tasks, such as Product Update tasks, continue to run as scheduled on managed endpoints. These tasks execute on schedule and connect to configured repositories as defined in the client's repository policy.
- If the McAfeeHttp fallback repository exists and is enabled (the default), it is used whenever the internal repositories are unreachable, for example when an endpoint is connected to a home network. Internal repository examples include:
  - Managed repositories
  - SuperAgent Distributed Repositories
  - UNC shares
Policy enforcement
- Currently applied policies are still enforced on the configured schedule. By default, policy enforcement is every 60 minutes.
- An agent-server communication must occur for the following changes made in ePO to take effect on the endpoint:
  - Policies
  - Policy assignments
  - Client tasks
  - Client task assignments
If agent-server communication is not possible because of network constraints, none of these changes reach the endpoint until communication is restored.
Server-to-agent communication (wake-ups)
- As with ASCI, an agent wake-up fails if a direct route is not available from the internal Agent Handlers to the client, for example when a user works from home without VPN.
- It is possible to configure an externally available Data Exchange Layer (DXL) broker to facilitate wake-ups in this scenario. Both an externally available DXL broker and a remote Agent Handler must be present and configured. This feature is described and diagrammed in the DXL 5.0 and later product guides.
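The following script is an added example, not McAfee code, that an administrator can run on an endpoint that is off the internal network to check the dependencies described above: it probes each Agent Handler from the client's handler assignment list and the McAfeeHttp source repository (update.nai.com) over TCP, then maps the results onto which MA functions (ASCI, event upload, policy and task changes, content updates) will work. The ports (443 for agent-server communication, 80 for the fallback repository) and the handler hostnames are assumptions for illustration; substitute the values from your own deployment. Wake-ups are inbound from the handler or an external DXL broker and cannot be verified with an outbound probe, so they are reported as unknown.

```python
"""Check, from an off-network endpoint, whether the hosts McAfee Agent depends on
are reachable, and report which MA functions will keep working.
Added example: hostnames, ports and sample results are assumed/constructed."""
import socket
from dataclasses import dataclass

# Assumed ports: adjust to what your Agent Handlers and repository actually use.
ASCI_PORT = 443
FALLBACK_REPO = ("update.nai.com", 80)


def probe(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass(frozen=True)
class Reachability:
    handlers: dict          # handler hostname -> reachable from this endpoint?
    fallback_repo: bool     # update.nai.com reachable?
    fallback_enabled: bool  # McAfeeHttp enabled in the MA Repository policy?


def assess(r: Reachability) -> dict:
    """Map connectivity onto the MA functions described in the article."""
    any_handler = any(r.handlers.values())
    return {
        # ASCI, event upload and new policy/task assignments all need a handler.
        "asci": any_handler,
        "event_upload": any_handler,
        "policy_and_task_changes": any_handler,
        # Already-applied policies are enforced on schedule with no connectivity.
        "enforce_existing_policy": True,
        # Internal repositories are assumed unreachable off-network, so content
        # updates depend on the fallback repository being enabled and reachable.
        "content_updates": r.fallback_enabled and r.fallback_repo,
        # Wake-ups are inbound (handler or DXL broker -> client); not testable here.
        "wakeups": None,
    }


def assess_live(handlers, fallback_enabled=True, timeout=3.0) -> dict:
    """Run real probes against the given handlers and the fallback repository."""
    r = Reachability(
        handlers={h: probe(h, ASCI_PORT, timeout) for h in handlers},
        fallback_repo=probe(*FALLBACK_REPO, timeout=timeout),
        fallback_enabled=fallback_enabled,
    )
    return assess(r)


if __name__ == "__main__":
    # Constructed hostnames: replace with the entries from the endpoint's
    # handler assignment list. Internal-only handlers normally fail off-network.
    result = assess_live(["epo-ah-internal.example.corp", "epo-ah-dmz.example.com"])
    for name, ok in result.items():
        print(f"{name:28} {'unknown' if ok is None else ('ok' if ok else 'blocked')}")
```

Run it from the endpoint while disconnected from the VPN; if every handler reports blocked but the fallback repository reports ok, expect content updates to continue while events queue locally and policy changes wait for ASCI, exactly as the sections above describe.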