VSE 8.5.0i Change autoupdate repository list

[dfrandin]

We currently have about 200 seats with VSE 8.5.0i installed, and since our internal update repository had never worked correctly, we had configured the install package (we use New Boundary's Prism) using the McAfee installtailor to configure the autoupdate repo list to try our internal repo, then fall thru to the NAIHttp repo. As our internal repo now works fine, our security people want us to disable the NAIHttp repo entry on all installs.. Is there a registry hack/script or anything available to allow this change w/o redoing our package and repushing out the modified package to all 200 seats?? Have scanned the registry and don't see any obvious choices..

Dave Frandin

 

[VictorySabre]

Is there a reason why your security people want to disable the NAIHttp entry? All of our clients are set to use our own internal repository, but in the event there is a peoblem with our ePO Server or I've taken the server offline to troubleshoot, clients will then get their latest DAT updates from McAfee instead. That way, I'm not under too much pressure to get the server up and running ASAP.

Also, when users are travelling with their laptops, they are not likely going to connect back via VPN to our network so by allowing our laptops to fallback on McAfee's update site, it allows them to keep up to date.

 

[dfrandin]

Thanks for the reply.. Since we are a gov contractor, the security folks I'm getting this request from are from the CompSec group from the gov agency we work for.. We're preparing for a security audit in October, and one of the items brought up during the recent pre-audit, was to remove individual virus-def update capability. Since *why* they want this is beyond my paygrade, all I'm doing is researching *how* we can disable the NAI update capability.

 

[VictorySabre]

OK, fair enough. Not sure if you have ePO or not. I'm only familiar with ePO. If you don't have ePO, I know within the VirusScan Console, you can import an updated AutoUpdate Repository list, but I'm not sure how you can automate that across 200 PCs.

Simplest way if you are using ePO (in case you are using it) is to open up the policy settings for the ePO Agent and then select the Repositories tab. Select the "Use ePO configured repositories" radio box and the "User defined list" radio box.

In the Repository List, this is where all your respositories are defined. Deselect the checkbox next beside NAIHttp and then select Apply All. This should disable the NAIHttp repository from being used. Do an Agent Wakeup Call on your clients and this will update the policy setting.

Just as a check, open up VirusScan Console on one of your PCs and then select the Tools menu and then Edit AutoUpdate Repository List. This should now show NAIHttp as Disabled.