Agent-Server Communication - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual

Distributing Agents to Manage Systems

Agent-server communication

The agent installation package
The FRAMEPKG.EXE file is created when you install the server. It is a customized installation
package for agents that report to your server. The package contains the server name, its IP
address, ASCI port number, and other information that allows the agent to communicate with
the server.
By default, the agent installation package is installed in this location:
C:\PROGRAM FILES\MCAFEE\EPO\DB\SOFTWARE\CURRENT\ ePOAGENT3000\INSTALL\0409\FRAMEPKG.EXE
This is the installation package that the server uses to deploy agents.
The default agent installation package contains no embedded user credentials. When executed
on the system, the installation uses the account of the currently logged-on user.
Agent-server communication
During agent-server communication, the agent and server exchange information using SPIPE,
a proprietary network protocol used by ePolicy Orchestrator for secure network transmissions.
At each communication, the agent collects its current system properties, as well as any events,
and sends them to the server. The server sends any new or changed policies, tasks, and
repository list to the agent. The agent then enforces the new policies locally on the managed
system.
Agent-server communication can be initiated in three ways:
• Agent-to-server communication interval (ASCI)
• Agent-initiated communication after agent startup
• Agent wake-up calls
• Communication initiated manually from the managed system
Agent-to-server-communication interval
The agent-to-server-communication interval (ASCI) is set on the General tab of the McAfee
Agent policy pages. This setting determines how often the agent calls into the server for data
exchange and updated instructions. By default, the ASCI is set to 60 minutes; the agent checks
into the server once every hour.
When deciding whether to modify this policy setting, you must consider your organization's
threat response requirements, available bandwidth, and the hardware hosting the server. Be
aware that ASCI communication can generate significant network traffic, especially in a large
network. In such a case, you probably have agents in remote sites connecting over slower
network connections. For these agents, you may want to set a less frequent ASCI. The following
table lists general ASCI recommendations for common network connection speeds.
General recommended ASCI settings
Network Size
Gigabit LAN
100mb LAN
WAN
Dial-up or RAS
10mb LAN
66 McAfee ePolicy Orchestrator 4.0.2 Product Guide
Recommended ASCI
60 minutes
60 minutes
360 minutes
360 minutes
180 minutes