Loading...

Knowledge Center


McAfee MOVE SVM Manager 4.0 and 4.5 support for TLS 1.2
Technical Articles ID:   KB88804
Last Modified:  4/25/2017

Environment

McAfee Management for Optimized Virtual Environments (MOVE)
McAfee MOVE Anti-Virus (AV) Multi-Platform - SVM Manager 4.5, 4.0

For details of MOVE Antivirus supported environments, see KB74865

Summary

This article addresses concerns about McAfee MOVE AV Multi-Platform - SVM Manager 4.0 and 4.5 support for Transport Layer Security (TLS) 1.2.

Description
TLS versions 1.0 (RFC 2246) and 1.1 (RFC 4346) include cipher suites based on the DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm) algorithms. DES and IDEA are no longer recommended for general use in TLS, and have been removed from TLS 1.2.

Research and Conclusions
Communication between the McAfee MOVE AV Multi-Platform - SVM Manager and McAfee MOVE AV Multi-Platform - SVM uses TLS 1.0. Disabling TLS 1.0 breaks the ability of McAfee MOVE AV Multi-Platform - SVM Manager to communicate with the McAfee MOVE AV Multi-Platform - SVM.

McAfee is aware that McAfee MOVE AV Multi-Platform - SVM can only use TLS 1.0 and cannot be configured to communicate using TLS 1.2 with the current implementation.

Problem

The following errors may be seen in the McAfee MOVE Multi-Platform SVM mvserver.log:
 
U.22548.25788: Feb 07 2017:14:59:07.792: ERROR: CWinHttpHelper.cpp: 281: Failed : winhttpsendrequest ,failed with error 12175
U.22548.25788: Feb 07 2017:14:59:07.792: ERROR: winhttp.c : 95: Failed : Winhttp request failed with error -1
U.22548.25788: Feb 07 2017:14:59:07.792: ERROR: svc_curl.c : 213: Unable to register oss server with broker. Err = -1 (OS defined error code

Solution

This issue has been addressed in MOVE AV Multi-Platform 4.5 hotfix 1184618 (4.5.0.257). Technical Support recommends downloading and installing hotfix 1184618 to correct the issue. If unable to install the hotfix, perform the workaround listed below.

McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE:
 You will need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, as well as alternate locations for some products.

Workaround

Use the following to enable TLS 1.0 on Microsoft Windows systems.
  1. Go to Start, Run and type regedit.
  2. In regedit, navigate to KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  3. Add/Edit DWORD named SecureProtocols and assign a value of 170 (decimal).

In some cases a new SSL Certificate will be required.  The SSL Certificate will be embedded within the MOVE Multi-Platform SVM and SVM Manager policies. Use the following steps to generate a new SSL Certificate for the MOVE Multi-Platform SVM and SVM Manager:
  1. Log in to the ePO Server.
  2. Go to Menu, Automation, Server Tasks.
  3. Run the MOVE AntiVirus : Generate Certificates task.
  4. When the Server Task has completed, reapply the policy to both the MOVE Multi-Platform SVM and SVM Manager.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.