Altering the certificates used for agent to server communication causes communications to fail
Last Modified: 2023-08-10 10:07:02 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Altering the certificates used for agent to server communication causes communications to fail
Technical Articles ID:
KB94036
Last Modified: 2023-08-10 10:07:02 Etc/GMT Environment
ePolicy Orchestrator (ePO) 5.10.x, 5.9.x McAfee Agent (MA) 5.x Summary
Communications between an MA and an ePO server or Agent Handler are encrypted using Transport Layer Security (TLS). To accomplish the task, each ePO server acts as its own certificate authority (CA) and issues a self-signed certificate chain. It's not possible to modify or replace any part of this certificate chain. Any attempt to do so causes the agent-to-server communications to fail. Communication fails because the agent only accepts a certificate issued by the ePO server that it belongs to. So, the common activities listed below are not possible and are not supported:
Related Information
Certain vulnerability scanning products can flag the self-signed certificate chain as a vulnerability. For an official statement from Engineering about this issue, see KB82163 - ePolicy Orchestrator Sustaining Engineering Statement SSC1803061 - ePO and Nessus (PluginIDs 51192, 57582, 45411) and Qualys (QIDs 38173, 38170). Affected ProductsLanguages:This article is available in the following languages: |
|