Loading...

Knowledge Center


You must update your McAfee Active Response 2.x certificates by October 30, 2017
Technical Articles ID:   KB89898
Last Modified:  10/12/2017

Environment

McAfee Active Response (MAR) 2.x

Summary

McAfee became a separate company in April 2017, and is no longer part of Intel Corporation. Customers who use McAfee Active Response 2.x must update the certificates before the Intel certificates are revoked on October 30, 2017.

If you do not update the certificates by October 30, 2017, you might lose trace data in MAR and in the MAR Workspace section of ePO. McAfee strongly recommends that you immediately perform the following steps to update to the new certificates.

Solution

NOTE: ​The following solution lists the product versions that were available when this article was first published. These versions will be replaced by newer releases. For best results, ensure you upgrade to the latest version available.  
  1. Update to McAfee Active Response Extension/Packages Bundle 2.1.0.268:
    1. Go to the ePO Software Manager.
    2. Locate and download McAfee Active Response Extension/Packages Bundle 2.1.0.268.
    3. Update your Active Response installation to 2.1.0.268.
      NOTE: For release notes see PD27202.
       
  2. Upgrade your McAfee ePO Cloud Bridge extension to version: 1.2.1.146:
    1. Go to the ePO Software Manager and search for Cloud Bridge.
      NOTE: The ePO Cloud Bridge extensions are located under ePO software
       
    2. Choose the applicable version of ePO and update to version 1.2.1.146.   
      NOTE: For upgrade instructions, see the Installation Guide for your ePO version.  
       
  3. Verify that your DXL extension is 3.1.0.607 or later:
    1. In ePO, navigate to the Extension page.
    2. In the left pane, select McAfee DXL.
    3. In the center pane, locate McAfee DXL Broker Management and verify the extension version. 
      ​Upgrade to 3.1.0.607 or later if required:
      1. Go to the ePO Software Manager.
      2. Locate and update to Broker Hotfix 8 (version 3.1.0.607).
        For update instructions, see the Data Exchange Layer 3.1.0 Hotfix 8 Release Notes in PD27266.
        NOTE: Check for required dependencies when you update your DXL extension. Read the complete update instructions before you proceed.  
         
  4. Verify that your DXL Brokers have version 3.1.0.607 or later installed:
    1. In ePO, go to System Tree and select your DXL Brokers.
      IMPORTANT: You can identify all DXL Brokers by viewing the Tag column in the ePO System Tree. DXL Brokers can be stand-alone servers or installed on the MAR server. If the DXL Broker is installed on the MAR server, the DXL client cannot be upgraded; it remains at its current version.
         
    2. Select the Product tab for each broker to verify the installed version. 
      Upgrade to a minimum version of 3.1.0.607 if required:
      1. Go to the ePO Software Manager.
      2. Locate and update to Broker Hotfix 8 (version 3.1.0.607).
        For update instructions, see the Data Exchange Layer 3.1.0 Hotfix 8 Release Notes in PD27266.
        NOTE: Check for required dependencies when you upgrade your DXL brokers. Read the complete update instructions before you proceed.
         
  5. Update the DXL Cloud Databus URL:
    1. In ePO, select Server Settings and select DXL Cloud Databus.
    2. Select Edit.
    3. In the URL box, type the following to update the URL:
      https://api1.soc.mcafee.com/cloudproxy/databus/produce
       
    4. Select Save.
       
  6. Confirm that the updates have been applied:
    1. Navigate to the Extension section of ePO.
    2. Ensure that the extensions listed have the following minimum versions:
      • MAR-Workspace: 2.1.0.206 or later
      • McAfee DXL extension: 3.1.0.607 or later
      • McAfee ePO Cloud Bridge: 1.2.1.146 or later
         
    3. Open the ePO System Tree.
    4. Select the DXL Broker(s) and select the Product tab. 
      Each DXL Broker should have the minimum version 3.1.0.607.
       
  7. Verify that the MAR Workspace is pointing to the correct trace cloud URLs:
    1. From the ePO server, open a Chrome browser session.
      NOTE: Internet Explorer will not work for this test.
       
    2. In the browser window, type the following URL:
      https://<ePO_IP>:<ePO_Port>/remote/propertiesUpdaterCommand.do?
      NOTE: In default environments, the ePO console-to-application communication port is 8443.
       
    3. Type your ePO login credentials.
      You will see one of two responses displayed: 
       
      • If updated properly you will see:
        • Traces:  https://api1.soc.mcafee.com/ltc/api/v1/ltc
        • Factual Tables:  https://api1.soc.mcafee.com/ft/api/v1/ft
        • Settings:  https://api1.soc.mcafee.com/ss/api/v1/ss
          NOTE: There are no further steps to be performed if you see this output.
           
      • If not properly updated, you will see URLs with Intelsecurity.com addresses.  
        IMPORTANT: If your MAR Workspace does not point to the new McAfee.com URLs, you must update them manually.
          
  8. If required, manually update the MAR Workspace trace cloud URLs:
    1. From the ePO server, open a Chrome browser session.  
      NOTE: Internet Explorer will not work for this change.
       
    2. In the browser address window, type the following to change the URLs:
      https://<ePO_IP>:<ePO_Port>/remote/propertiesUpdaterCommand.do?ftURI=https://api1.soc.mcafee.com/ft/api/v1/ft&tracesURI=https://api1.soc.mcafee.com/ltc/api/v1/ltc&settingsURI=https://api1.soc.mcafee.com/ss/api/v1/ss

      You will see the updated URLs listed in the response.  

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.