Update McAfee Active Response 2.x certificates and trace URL required

Technical Articles ID:   KB89898

Environment

McAfee Active Response (MAR) 2.2.x, 2.1.x 

Summary

McAfee became a separate company in April 2017, and is no longer part of Intel® Corporation. Customers who use MAR 2.x must update the certificates and trace URL. McAfee recommended that this update be done before January 26, 2018.

If you did not update the certificates and URL by January 26, 2018, you might lose trace data in MAR and in the MAR Workspace section of ePolicy Orchestrator (ePO). McAfee strongly recommends that you immediately perform the following steps to update to the new certificates. 

Solution

NOTE: The following solution lists the product versions that were available when this article was first published. McAfee replaces versions with newer releases. For best results, ensure that you upgrade to the latest version available. 

1. Update to McAfee Active Response Extension/Packages Bundle to: 2.1.0.268: 
   
   1. Go to the ePO Software Manager.
      
   2. Locate and download McAfee Active Response Extension/Packages Bundle 2.1.0.268.
      
   3. Update your Active Response installation to 2.1.0.268.
      NOTE: See the Release notes in PD27202.
       
2. Upgrade your McAfee ePO Cloud Bridge extension to a minimum version: 1.2.1.146: 
   

1. Go to the ePO Software Manager and search for Cloud Bridge.
   NOTE: The ePO Cloud Bridge extensions are located under ePO software. 
    
2. Choose the applicable version of ePO and update to version 1.2.1.146.   
   NOTE: For upgrade instructions, see the Installation Guide for your ePO version.  
    
   1. Verify that your DXL extension is 3.1.0.607 or later: 
      

1. In ePO, navigate to the Extension page.
   
2. In the left pane, select McAfee DXL.
   
3. In the center pane, locate McAfee DXL Broker Management and verify the extension version. 
   ​Upgrade to 3.1.0.607 or later if needed: 
   1. Go to the ePO Software Manager.
      
   2. Locate and update to Broker Hotfix 8 (version 3.1.0.607).
      For update instructions, see the Data Exchange Layer 3.1.0 Hotfix 8 Release Notes in PD27266.
      NOTE: Check for required dependencies when you update your DXL extension. Read the complete update instructions before you continue.  
       
      1. Verify that your DXL Brokers have version 3.1.0.607 or later installed: 
         

1. In ePO, go to System Tree and select your DXL Brokers.
   IMPORTANT: You can identify all DXL Brokers by viewing the Tag column in the ePO System Tree. DXL Brokers can be standalone servers or installed on the MAR server. If the DXL Broker is installed on the MAR server, the DXL client cannot be upgraded; it remains at its current version.
     
2. Select the Product tab for each broker to verify the installed version. 
   Upgrade to a minimum version of 3.1.0.607 if needed: 

1. Go to the ePO Software Manager.
   
2. Locate and update to Broker Hotfix 8 (version 3.1.0.607).
   For update instructions, see the Data Exchange Layer 3.1.0 Hotfix 8 Release Notes in PD27266.
   NOTE: Check for required dependencies when you upgrade your DXL brokers. Read the complete update instructions before you continue.
    
   1. Update the DXL Cloud Databus URL: 
      

1. In ePO, select Server Settings and select DXL Cloud Databus.
   
2. Click Edit.
   
3. In the URL box, type the following to update the URL:
   
   https://api1.soc.mcafee.com/cloudproxy/databus/produce
    
4. Click Save.
    
   1. Confirm that the updates have been applied: 
      

1. Navigate to the Extension section of ePO.
   
2. Ensure that the extensions listed have the following minimum versions: 
   

1. MAR-Workspace: 2.1.0.206 or later
   
2. McAfee DXL extension: 3.1.0.607 or later
   
3. McAfee ePO Cloud Bridge: 1.2.1.146 or later
    
   1. Open the ePO System Tree.
      
   2. Select one or more DXL Brokers and select the Product tab. 
      Ensure that the DXL Broker displays the minimum version 3.1.0.607.
       
      1. Verify that the MAR Workspace points to the correct trace cloud URLs: 
         

1. From the McAfee ePO server, open a Chrome browser session.
   NOTE: You cannot use Internet Explorer for this test.
    
2. In the browser window, type the following URL:
   https://<ePO_IP>:<ePO_Port>/remote/propertiesUpdaterCommand.do?
   NOTE: In default environments, the ePO console-to-application communication port is 8443.
    
3. Type your ePO logon credentials.
   You see one of two responses displayed: 
    

1. If updated properly, ePO displays URLs with mcafee.com addresses:  
   
   • Traces:  https://api1.soc.mcafee.com/ltc/api/v1/ltc
     
   • Factual Tables:  https://api1.soc.mcafee.com/ft/api/v1/ft
     
   • Settings:  https://api1.soc.mcafee.com/ss/api/v1/ss
     NOTE: There are no further steps to be performed if you see this output.
      
     
     
2. If not properly updated, ePO displays URLs with Intelsecurity.com addresses.  
   IMPORTANT: If your MAR Workspace does not point to the new McAfee.com URLs, you must contact support.