Loading...

Knowledge Center


Endpoint Security Web Control status balloon is orange
Technical Articles ID:   KB87930
Last Modified:  7/9/2019
Rated:


Environment

McAfee Endpoint Security (ENS) Web Control 10.x

Problem

The ENS Web Control status balloon is orange and search annotations do not display.

Cause

ENS Web Control cannot access the Global Threat Intelligence (GTI) rating servers.

Solution

Modify the GTI policy settings in the following ways to try to correct this issue. Make these changes in ePolicy Orchestrator at Endpoint Security Common Options policy, click Show Advanced, Proxy Server for McAfee GTI section.
  • Try to use browser proxy settings.
  • Try to manually specify a proxy server and configuring user authentication.
  • Verify the value for Network security: LAN Manager authentication level. This value is found in: Control Panel, Admin Tools, Local Security Policy, Security Settings, Local Policies, Security Options. Set this value to Send LM & NTLM – use NTLMv2 session security if negotiated.
NOTE: If your firewall requires authentication, ENS Web Control cannot provide those credentials to the firewall; it can only provide it to a proxy. You must configure the firewall to not require authentication to sae.gti.mcafee.com.

If none of these configurations resolve the issue, perform the following steps to collect diagnostic data for Technical Support:
  1. Make sure that debug ENS Web Control logging is enabled in the Endpoint Security Common Options policy when you reproduce the issue.
  2. Download and run the Minimum Escalation Requirements (MER) tool from the following location: https://support.mcafee.com/webmer. For detailed instructions on how to run the MER tool, see KB59385.
  3. Download and run Wireshark to obtain a network trace at the same time the debug logs are generated: https://www.wireshark.org/.
  4. Note the version of the proxy and the type of authentication used. Determine whether the proxy decodes SSL traffic. SSL traffic inspection will not allow Web Control to get a GTI rating.
  5. Note the proxy settings in the web browser and how the proxy is configured (for example: automatically detect settings, PAC file, or manually specified proxy).
  6. Note the Endpoint Security Common Options policy values for proxies.
  7. Contact Technical Support:
     
    To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
    • If you are a registered user, type your User Id and Password, and then click Log In.
    • If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.