Knowledge Center

Update McAfee Active Response 2.x certificates and trace URL required
Technical Articles ID:   KB89898
Last Modified:  3/13/2018


McAfee Active Response (MAR) 2.2.x, 2.1.x


McAfee became a separate company in April 2017, and is no longer part of Intel® Corporation. Customers who use MAR 2.x must update the certificates and trace URL. McAfee recommended that this update be done before January 26, 2018.

If you did not update the certificates and URL by January 26, 2018, you might lose trace data in MAR and in the MAR Workspace section of ePolicy Orchestrator (ePO). McAfee strongly recommends that you immediately perform the following steps to update to the new certificates.


NOTE: ​The following solution lists the product versions that were available when this article was first published. McAfee replaces versions with newer releases. For best results, ensure that you upgrade to the latest version available. 
NOTE: ​For MAR 2.2.x environments, updating the URL is the only step needed. Skip to step 7.    
  1. Update to McAfee Active Response Extension/Packages Bundle to:
    1. Go to the ePO Software Manager.
    2. Locate and download McAfee Active Response Extension/Packages Bundle
    3. Update your Active Response installation to
      NOTE: See the Release notes in PD27202.
  2. Upgrade your McAfee ePO Cloud Bridge extension to a minimum version:
    1. Go to the ePO Software Manager and search for Cloud Bridge.
      NOTE: The ePO Cloud Bridge extensions are located under ePO software
    2. Choose the applicable version of ePO and update to version   
      NOTE: For upgrade instructions, see the Installation Guide for your ePO version.  
  3. Verify that your DXL extension is or later:
    1. In ePO, navigate to the Extension page.
    2. In the left pane, select McAfee DXL.
    3. In the center pane, locate McAfee DXL Broker Management and verify the extension version. 
      ​Upgrade to or later if needed:
      1. Go to the ePO Software Manager.
      2. Locate and update to Broker Hotfix 8 (version
        For update instructions, see the Data Exchange Layer 3.1.0 Hotfix 8 Release Notes in PD27266.
        NOTE: Check for required dependencies when you update your DXL extension. Read the complete update instructions before you continue.  
  4. Verify that your DXL Brokers have version or later installed:
    1. In ePO, go to System Tree and select your DXL Brokers.
      IMPORTANT: You can identify all DXL Brokers by viewing the Tag column in the ePO System Tree. DXL Brokers can be standalone servers or installed on the MAR server. If the DXL Broker is installed on the MAR server, the DXL client cannot be upgraded; it remains at its current version.
    2. Select the Product tab for each broker to verify the installed version. 
      Upgrade to a minimum version of if needed:
      1. Go to the ePO Software Manager.
      2. Locate and update to Broker Hotfix 8 (version
        For update instructions, see the Data Exchange Layer 3.1.0 Hotfix 8 Release Notes in PD27266.
        NOTE: Check for required dependencies when you upgrade your DXL brokers. Read the complete update instructions before you continue.
  5. Update the DXL Cloud Databus URL:
    1. In ePO, select Server Settings and select DXL Cloud Databus.
    2. Click Edit.
    3. In the URL box, type the following to update the URL:

    4. Click Save.
  6. Confirm that the updates have been applied:
    1. Navigate to the Extension section of ePO.
    2. Ensure that the extensions listed have the following minimum versions:
      • MAR-Workspace: or later
      • McAfee DXL extension: or later
      • McAfee ePO Cloud Bridge: or later
    3. Open the ePO System Tree.
    4. Select one or more DXL Brokers and select the Product tab. 
      Ensure that the DXL Broker displays the minimum version
  7. Verify that the MAR Workspace points to the correct trace cloud URLs:
    1. From the McAfee ePO server, open a Chrome browser session.
      NOTE: You cannot use Internet Explorer for this test.
    2. In the browser window, type the following URL:
      NOTE: In default environments, the ePO console-to-application communication port is 8443.
    3. Type your ePO logon credentials.
      You see one of two responses displayed: 
      • If updated properly, ePO displays URLs with mcafee.com addresses: 
        • Traces:  https://api1.soc.mcafee.com/ltc/api/v1/ltc
        • Factual Tables:  https://api1.soc.mcafee.com/ft/api/v1/ft
        • Settings:  https://api1.soc.mcafee.com/ss/api/v1/ss
          NOTE: There are no further steps to be performed if you see this output.
      • If not properly updated, ePO displays URLs with Intelsecurity.com addresses.  
        IMPORTANT: If your MAR Workspace does not point to the new McAfee.com URLs, you must contact support.

Rate this document

Did this article resolve your issue?

Please provide any comments below


This article is available in the following languages:

English United States

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.