Many default threat event queries do not show any threats. When you check the MOVE AV Multi-platform 3.5 default Threat Event query definitions, the Detecting Product version may show 2.6 and not the expected 3.5. This incorrect product version causes the query to not return any threats.
While this issue will be resolved in a future release or patched version of the product, you can perform the following steps to work around the issue:
- Log in to the ePO Console.
- Duplicate the query.
- Edit the query and change the Detecting Product version to 3.5.
- Save the query.
- Run the query.
For more information, see KB83280 ( https://kc.mcafee.com/corporate/index?page=content&id=KB83280)
For more resources, visit the McAfee KnowledgeBase and search for Drive Encryption-related KBs and visit the MOVE Community at https://community.mcafee.com/community/business/system/move.
To help you maximize your protection, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links in-depth KnowledgeBase resources. To unsubscribe from ProTips or change your SNS settings, visit the SNS Subscription Center.