I don't think it's a Cisco issue either, I'd just like to see it become integrated into Cisco default ACL listing since it has changed. Their current list is not complete now that is all.
I find it strange that if I enter a72-246-94-51.deploy.akamaitechnologies.com in the Host Policy for the role it doesn't work but if I enter the IP Address in the IP Policy it does works. Either way I got it working again, but thought I'd put it out there that I came across this issue in case someone else started seeing this as well. Thanks for getting back to me. Brian From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Bill Eben Sent: Monday, March 16, 2009 12:09 PM To: [email protected] Subject: Re: McAfee Update Failing I don't believe this is a Cisco issue. The McAfee Agent (Common Framework) needs to be at least version 3.6.0. We had many students running VirusScan Enterprise 8.0i and had Common Framework version 3.5.5. Version 3.5.5 officially reached end-of-life on 12/31/2008, but we didn't start seeing massive problems until around Feb 1st. <http://www.mcafee.com/us/enterprise/support/customer_service/end_life.html> <https://kc.mcafee.com/corporate/index?page=content&id=KB60060> Compounding the problem is that when an update is run, McAfee simply reports "Update finished". It doesn't explicitly tell you the update never happened. Our university no longer has an agreement with McAfee, so I haven't actually downloaded the latest patch (w/version 3.6.0) to test. We've been removing McAfee and installing Sophos (our current vendor) for those affected students. Bill -- Bill Eben Coordinator, Residential Computing Kutztown University 610.683.4974 [email protected]<mailto:[email protected]> On Mar 16, 2009, at 10:53 AM, Brian Beausoleil wrote: Greetings everyone! Over the past few weeks our trouble tickets have increased for the AV Update requirement. The common cause is that McAfee Enterprise is failing to automatically update. Our workers have been updating McAfee manually, but it is becoming repetitive now. I began looking into our User Role policies, and what sites the auto-date service was using. A simple netstat reveals that the McAfee Update utility is no longer pointing to nai.com but rather toa<ipaddress>.deploy.akamaitechnologies.com. I notice the ip address changes, and an nslookup on the servers by name are returning errors "** server can't find a72-246-94-51.deploy.akamaitechnologies.com: NXDOMAIN". Has anyone else seen this? What are you doing to combat this issue? The best I can do for now is add 72.246.94.0/24 to ports 21 and 80 to my temporary role until a solution is found by Cisco that is more dynamic/automatic. Thanks in advance... Brian
