if I remember well, the McAfee AutoUpdate runs with the credentials of the local system account on the client. You can check this out in the firewall logging on ISA. So, if you have user/group based access control, this request will probably not be allowed by ISA.
I remember vaguely a possible workaround, but I have forgotten the exact details. It has something to do with modifying the Wspcfg.ini on ISA for the McAfee AutoUpdate application and add the key ForceCredentials=1. Check out http://www.isaserver.org/pages/articles.asp?art=60 how to do that.
the McAfee AutoUpdate can use a local path, a UNC path and a FTP site. By default the NAI FTP site is used. So, if you allow all clients access to the FTP protocol (no user/group authentication) then it works fine. But that means that all those clients can use the FTP protocol for all sites they have access to. Yes, a known limitation of the current ISA!
There are better solutions available from McAfee, but they require extra software and... money! A possible workaround could be to schedule a custom FTP download and place the files on a share in the internal network. The McAfee AutoUpdate can then pull the updates from this share (UNC path). Moreover, this would decrease the external traffic because the updates must only be pulled once from the NAI site for all the internal clients.
Thanks! A lot of people have asked about McAfee and how to get the Autoupdate to work. Since I've never used McAfee, it was hard for me to understand what the problem is.
I think you're solution is ideal! You could configure a server on the internal network to have access to FTP using a client address set, and then configure the McAffe client computers on the network to use a UNC path. It would reduce Internet traffic quite a bit.
when you installed the product what account did you use. Iset it to a domain account and have had no problems updating our 250+ machines. On our servers I had to direct it thru the ISA server by giving it the internal ip address of the ISA server and the updates worked. I am alos using ePolicy and it is doing the updates as well thru the ISA server with no errors so far.
correct me if I'm wrong, but is ePolicy not an addon product to the naked McAfee VirusScan? I was talking about the Auto Update feature in the naked McAfee VirusScan.
However, you are right about ePolicy. Installing an ePolicy Orchestrator server on your internal network and EPO clients on the pc's solves that problem too. The ePolicy server gets the updates from NAI and they are then pushed from the ePolicy server to the clients.