Frequently asked questions

Here are answers to frequently asked questions.

See KB87466 for more questions and answers.

Installation

Can I install McAfee Agent on AWS instances using the Agent Deployment URL feature and Amazon User Data?
Yes. For details, see KB85233.
Can I use scripts for Puppet, Chef, or Amazon OpsWorks to install and configure security solutions offered by Intel Security?
Yes.
  • For Puppet sample scripts, see KB82585.
  • For Chef sample scripts, see KB82584.
  • For Amazon OpsWorks scripts, see KB82586.
What happens to my policies when I upgrade from Cloud Workload Discovery 4.0.0 to 4.5.x?
When upgrading from 4.0.0 to 4.5.x, since the policy structure has changed in the latest version, your previous policies, policy settings, and policy assignments are lost.

Configuration

How do I troubleshoot AWS instance connectivity issues?
See AWS documentation.
How many cloud accounts can I register under one McAfee ePO server?
There is no limit to the number of cloud accounts that can be registered under one McAfee ePO server.
How do I get the subscription ID, tenant ID, and client ID?
You can get your client ID, tenant ID, and subscription ID after creating an application. You need to configure your client key. You can create application by following steps listed in Create an application in the Microsoft Azure console. You can also run PowerShell scripts, which automate this process. For details, see KB87316.
What ports are included when I select port as Any when configuring inbound firewall rule?
All ports (0-65535) are included.

Functionality

When AWS instances are switched off, are they reported "powered off" in McAfee ePO?
Yes. If the computers are managed, they aren't deleted, even on termination. Unmanaged systems, when terminated, are no longer seen in the McAfee ePO System Tree.
How long until a new instance is discovered by Cloud Workload Discovery?
After the synchronization occurs, the new instance is discovered. Synchronization depends on the Sync Interval that you specified. If you specify the sync interval as 5 minutes, the next sync is scheduled 5 minutes after the completion of the current sync. You can also schedule a manual sync and the synchronization starts immediately.
What happens when an instance is terminated in EC2?
After the instance is terminated (and a synchronization occurs), the instance is no longer displayed in the McAfee ePO System Tree. But, any events from this instance are still present.
What are the reasons for my cloud account synchronization to fail?
  • Check your cloud account details. Your access key and secret key pair might have been disabled.
  • Check if your network is connected.
  • Check if your McAfee ePO system date and time are synchronized with the internet date and time.
  • Check if you are registering the same AWS account again in McAfee ePO.

Visualization of your cloud accounts

VirusScan Enterprise is installed on my instance, but the instance is still color-coded as red.
If your instance isn't managed with this McAfee ePO, then the status is shown as red. For assessment to show correct result, the instance must be managed by the same McAfee ePO.
Detaching the security group from an AWS instance fails:
  • If there is one NIC associated with an instance, and you are trying to detach a security group.
  • If your instance is associated with multiple NICs and you are trying to detach a security group, which is associated with another NIC.
I can't see the virtual networks when I click Accounts.
If you installed the Cloud Workload Discovery extension and completed registering your accounts, you can see your virtual networks in your accounts when synchronization and assessment is complete.
I can't see all virtual networks in my account.
By default you can see all virtual networks that have at least one running workload. If your virtual network has no running workloads, it isn't shown. Select Show All on the Accounts panel to see all virtual networks.
I can see some names and some IDs under Virtual Networks and Workloads.
By default you can see the names of your virtual networks and workloads. If they don't have a name, you can see their IDs.
Which vendor cloud accounts are supported in the Cloud Workload Discovery dashboard.
Currently, we support AWS and Microsoft Azure cloud accounts. Microsoft Azure classic accounts aren't shown here.
I can't see network traffic for some workloads on the Cloud Workload Discovery dashboard.
  • Network traffic records are available only for AWS workloads.
  • If you can't view traffic for your AWS workloads, make sure that you selected Enable Traffic Discovery for your AWS account.
  • When creating the IAM role for flow logs for your AWS account, make sure that the name of your role is McAfeeFlowLogger.
My traffic discovery is disabled, but I can still see traffic details for AWS instances.
Data retention period for AWS traffic data is seven days. So you might still see some traffic details until the retention period.
How long is the AWS traffic data stored in McAfee ePO?
Data retention period for AWS traffic data is seven days.
Sometimes the Cloud Workload Discovery screen remains collapsed.
Do a browser refresh using F5.
Can I get a detailed server log file if McAfee Agent deployment fails?
Yes.
  • From MenuAutomationServer Task Log, look for Data Center: Auto Deploy McAfee Agent.
  • Select the task with the start date of your deployment task.
  • Select a subtask with your system IP address.
Can I get a detailed server log file if any product installation fails?
Yes.
  • From MenuAutomationServer Task Log, search for "wake up" task that has details about the feature.
  • Select the task with the start date of your deployment task.
  • Select a subtask with your system IP address.
Does the installation of McAfee Agent or any of the products times out?
If your McAfee ePO server doesn't receive the installation status of McAfee Agent or any of the products, it times out after 60 minutes.
What number is displayed in the tooltip of datacenter, cluster, hypervisor, or workloads?
The corresponding ID of the datacenter, cluster, hypervisor, or the workload is displayed in the tooltip.