My notes on McAfee EPO

My notes on McAfee EPO

- ePO - ePolicy Orchestrator

- ePO - manage security for systems, networks, data and compliance solutions

- agent gets updates (policy, config, software deployment, etc) from ePO server and push to client machine. Also updates epo server of any issues (reporting)

- agent handler communicates apache service via default port 80 or 443 (changed be changed). connection secured via 168 bit 3DES encryption.

- apache support max 250 concurrent connections and try alternative agent handlers, else, queue max 50

- policies cached in RAM by agent handler

- super agent => agent + ability to contact all agents in same subnet.

- epo server talks to sql db only and not epo console, reducing sql connections, complexity and easier troubleshooting

- The Remote Agent Handler is basically Apache and Event Parser, excluding Tomcat and db

- cannot change client to server authenticated communication port after install

- cannot change sql server tcp port after install

- db size = installed db size + (no of client machines x size of client system properties) + (no. of events
generated x event size)


- wong chee tat :)