Knowledge Center

FAQs for McAfee Agent 5.x
Technical Articles ID:   KB75298
Last Modified:  6/22/2018


McAfee Agent 5.x

For details of MA supported environments, see KB51573.


This article is a consolidated list of common questions and answers and is intended for users who are new to the product, but can be of use to all users.

Recent updates to this article
Date Update
June 22, 2018 Added the following FAQ to the Functionality section: How are the files and connection between McAfee Agent and a Distributed Repository secured?
Removed references to MA 4.x (EOL).

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Click to expand the section you want to view:

What are the main functions of McAfee Agent?
The most common functions of McAfee Agent include:
  • Manage client systems from the ePolicy Orchestrator (ePO) server.
  • Install and upgrade McAfee managed products on managed systems.
  • Enforce policies on managed systems.
  • Schedule the managed product tasks that run on managed systems.
  • Gather events from managed systems and sends them to the McAfee ePO server.
  • Send and receive private data bi‐directionally over the Data Channel between ePO, McAfee Agent, and other products.

What agent modes exist?
There are three agent modes:
  • Agent - The basic operating mode for McAfee Agent, providing a communication channel to ePO and local services for managed products.
  • SuperAgent - An agent that acts as a source of content updates to other agents in the same network.
  • Agent Handler - An McAfee ePO server component that you can install in various network locations to help manage agent communication, balance the load, and update products.

Why do I see many McAfee Agent processes for Linux?
The McAfee runtime environment uses Linux Native threads through the Light Weight Process implementation. Using Linux Native threads causes each thread to show as a separate process on the client computer.

What components must exist on the McAfee ePO server before I can install the agent?
To install the agent on the managed systems, the extension, the software package, and the key updater package must be added to the McAfee ePO server.

What installation options are available?
Several installation options are available:
  • Push the agent to client systems using ePO.
  • Manually install the agent on each client system.
  • Configure third‐party software (for example, Microsoft Systems Management Server (SMS), Microsoft Group Policy Objects (GPO), or IBM Tivoli) to distribute the agent installation package, which is on your McAfee ePO server, to client systems.
  • Configure logon scripts (Windows only) to install when a user logs on to a client system.
  • Create a customized McAfee Smart Installer and distribute it to client systems for manual installation.

What do I have to consider when deciding whether to change the agent‐server communication interval?
The agent-server communication interval (ASCI) determines how often the McAfee Agent calls into the McAfee ePO server. The default setting of 60 minutes means that the agent contacts the McAfee ePO server once every hour. When deciding whether to change the interval, consider that the agent performs each of the following actions at each ASCI:
  • Collects and sends its properties.
  • Sends non‐priority events that have occurred since the last agent‐server communication.
  • Enforces policies.
  • Receives new policies and tasks. This action might trigger other resource consuming actions.

What options are available for managing McAfee Agent and other McAfee product updates?
Configure one of the following modes:
  • Managed mode - McAfee Agent connects and communicates with the McAfee ePO server to manage its own, and other McAfee products, updates.
  • Unmanaged mode - McAfee Agent does not connect or communicate with the McAfee ePO server, but instead pulls updates from McAfee HTTP or FTP servers.

How are the files and connection between McAfee Agent and a Distributed Repository secured?
When a McAfee Agent is inside the internal network, it connects to the Distributed Repository over HTTP. Hash validation secures the files downloaded from the Distributed Repository.

When MA connects to the Distributed Repository to download a product deployment or DAT package, the package contains a signed pkgcatalog.z file. This file contains the hash information of the files to be downloaded. The McAfee Agent then validates the downloaded file using the contained hash. This method prevents the repository files from being tampered with.

McAfee Agent only connects to the distributed repositories that are listed in the sitelist, which is contained in the MA database. The database is protected by the McAfee Agent self-protection mechanism. This protection prevents MA from connecting to any rogue distributed repositories. For information about MA self-protection, see the latest McAfee Agent Product Guide.
For a full list of product documents, go to the ServicePortal at: http://support.mcafee.com. Click Knowledge Center, and select Product Documentation from the Knowledge Base list.

When would you want to perform a McAfee Agent wake‐up call?
A McAfee Agent wake‐up call triggers an immediate agent-server communication rather than waiting for the current agent-server communication interval (ASCI) to elapse. Some reasons for performing an agent wake‐up call are:
  • You make a policy change that you want to enforce immediately, without waiting for the scheduled ASCI to expire.
  • You created a task that you want to run immediately. The option Run Task Now creates a task, then assigns it to specified client systems and sends wake‐up calls.
  • A query generated a report indicating that a client is out of compliance and you want to test its status as part of a troubleshooting procedure.

How can you view and manage McAfee Agent features from a managed client system?
The McAfee icon in the Windows notification area provides a collection point for viewing the status of McAfee products and performing actions on a client system.

How does the McAfee ePO server sort client systems at the first connection?
When McAfee Agent is installed on a client system, a unique GUID is created based on the MAC address and computer name of the system. McAfee Agent connects to the McAfee ePO server in a randomized few seconds interval. At that connection, the McAfee ePO server uses these system properties to see whether McAfee Agent is populated in the System Tree. A new object is created in the System Tree if the search finds no match. The location for the new object is also based on this sort order.
System properties used when the Sorting Criteria are:
Disabled Enabled
Agent GUID Agent GUID
Domain Name IP address and Tags evaluated for the computer
Computer Name Domain Name
IP address Computer Name

If an entry is found that is listed in the search order, McAfee Agent lists the client system in the correct group. If it does not find any of the above, it would then list the client in the Lost and Found group at the My Organization level.

Is McAfee Agent affected by leap second issues?
No. A leap second is a one-second adjustment sometimes applied to UTC to keep its time of day close to the mean solar time (UT1).
NOTE: Leap second issues do not affect McAfee Agent and ePO.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.