I don't believe this is a Cisco issue. The McAfee Agent (Common
Framework) needs to be at least version 3.6.0. We had many students
running VirusScan Enterprise 8.0i and had Common Framework version
3.5.5. Version 3.5.5 officially reached end-of-life on 12/31/2008,
but we didn't start seeing massive problems until around Feb 1st.
<http://www.mcafee.com/us/enterprise/support/customer_service/
end_life.html>
<https://kc.mcafee.com/corporate/index?page=content&id=KB60060>
Compounding the problem is that when an update is run, McAfee simply
reports "Update finished". It doesn't explicitly tell you the update
never happened.
Our university no longer has an agreement with McAfee, so I haven't
actually downloaded the latest patch (w/version 3.6.0) to test. We've
been removing McAfee and installing Sophos (our current vendor) for
those affected students.
Bill
--
Bill Eben
Coordinator, Residential Computing
Kutztown University
610.683.4974
[email protected]
On Mar 16, 2009, at 10:53 AM, Brian Beausoleil wrote:
Greetings everyone!
Over the past few weeks our trouble tickets have increased for the
AV Update requirement. The common cause is that McAfee Enterprise
is failing to automatically update. Our workers have been updating
McAfee manually, but it is becoming repetitive now. I began
looking into our User Role policies, and what sites the auto-date
service was using. A simple netstat reveals that the McAfee Update
utility is no longer pointing to nai.com but rather
toa<ipaddress>.deploy.akamaitechnologies.com. I notice the ip
address changes, and an nslookup on the servers by name are
returning errors “** server can't find
a72-246-94-51.deploy.akamaitechnologies.com: NXDOMAIN”. Has anyone
else seen this? What are you doing to combat this issue? The best
I can do for now is add 72.246.94.0/24 to ports 21 and 80 to my
temporary role until a solution is found by Cisco that is more
dynamic/automatic.
Thanks in advance…
Brian
