Installing Active Response The installation includes several components and clients. McAfee® ePolicy Orchestrator® (McAfee® ePO™) extensions McAfee ePO proxy and Cloud Bridge extension McAfee® Threat Intelligence Exchange (TIE) server McAfee® Data Exchange Layer (DXL) brokers McAfee® Active Response server Active Response aggregators Active Response clients on endpoints Active Response content packages Active Response trace rules content package RequirementsFor a successful installation, check that these minimum requirements are met before installing Active Response components. Install the McAfee ePO extensions You must install the Active Response extensions on the McAfee ePO server so it can be managed by Software Manager. Configure McAfee ePO proxy server settings (optional) If your company uses proxy addresses, enter the IP address for the Active Response server in the McAfee ePO proxy settings. Configure the McAfee ePO Cloud Bridge server settings Create a McAfee ePO Cloud account or update an existing account for Active Response. Install the Threat Intelligence Exchange server Install and configure the Threat Intelligence Exchange server. TIE provides file and certificate reputation information and enables you to block or allow them from running in your environment based on their reputation. Install the Active Response serverInstall and configure the Active Response server. The Active Response server communicates with the Active Response clients running on endpoints to collect data and remediate actions. Configure the DXL broker extension Broker extensions are additional features that can be enabled on a Data Exchange Layer broker to add new functionality created by other managed products. Enable the Trace broker extension used by Active Response. Install aggregators You are not required to install an aggregator to use Active Response. However, aggregators reduce the amount of DXL bandwidth required, and increase the number of managed endpoints supported. Installation error messages Detailed endpoint installation errors are described in the Threat Event Log to inform you of missing or invalid dependencies. Viewing the Active Response Health Status The Health Status page shows the status of Active Response server, the TIE server, and the DXL brokers. You can also see the status of Cloud Storage and Services availability, and the Active Response deployments on managed endpoints. Install content packagesInstall content packages to get new collectors and reactions, or new versions of existing built-in collectors and reactions. Install Trace rules content package The Active Response rules content package adds, updates, and removes old Trace rules. You can automatically deploy Trace rules content updates to endpoints when a new update is available in Software Manager. Roll back content rules The last update of Trace rules can be rolled back to a previous version by creating a client task.