0123
Level 7

Application Control questions and issues

Hello.... (as you can see from all my questions posted, I'm struggling a little to get AppControl up and running smoothly)

1. Still struggling with performance issues. This was posted in another question that I'm going to close out and just open a case with McAfee on. But it looks like our POS team has identified their own issues with Microsoft WMI and they are including some fixes they think will help our overall performance issues, but we're curious as to whether AppControl relies on WMI and if so how much. If there are issues with it, will AppControl have issues? Have there been any other customers reporting performance issues with AppControl?

2.  I have 74 systems checking into an ePO 4.5 database and my database has grown to over 35GB in 4 months.  This is waaay more than my Enterprise DB that has 5-6 different McAfee products checking into it. This 35GB DB only has App Control events, no other products are installed (other than the MA of course).  What should I expect from DB size growth?

Thanks!!

0 Kudos
12 Replies
jhaynes
Level 12

Re: Application Control questions and issues

Hi Jill,

AppControl doesn't rely on WMI so you should be ok there. I don't have an easy answer for your database question so my suggestion is to open up a case so we can take a look and see what's going on.

Jeff Haynes

0 Kudos
0123
Level 7

Re: Application Control questions and issues

Cool, thanks for letting me know about the WMI.

As for the DB,  I went through the steps according to https://kc.mcafee.com/corporate/index?page=content&id=KB52116 and I got 0 tables.  Looking at it closer, none of the AppControl events made it into ePO's Event Filtering option.  They are different events entirely and have to be excluded on EACH endpoint.  Talking to support confirmed this.  There is a script that can be run, so I'm going to try and use a client task to complete it, but I really hope this gets fixed in later versions.  For some reason, my data just filled up FAST and there definitely are certain events I could care less about (booting commands, file solidified, unsolidified, resolidified, etc..)

0 Kudos
0123
Level 7

Re: Application Control questions and issues

By the way, am I the only one still struggling to call it Application Control? I still find myself saying Solidcore just about every time...

0 Kudos
jhaynes
Level 12

Re: Application Control questions and issues

Hi Jill,

No you are definitely not the only person struggling with the Application Control name change.

Do you have a task set up to collect inventory?

How many agents do you have deployed?

Jeff Haynes

0 Kudos
0123
Level 7

Re: Application Control questions and issues

I do have a task that runs to collect Inventory and we're deployed to  74 systems.

By the way, 14GB has filled up since this morning.

0 Kudos
jhaynes
Level 12

Re: Application Control questions and issues

Open up SQL Server Management Studio and take a look at the properties of these two tables and note down the size.

SCOR_FIDB

SCOR_EVENTS

Run these two commands and let me know how many rows are returned. Rows are noted in the bottom left corner.

select * from scor_fidb

select * from scor_events

Jeff Haynes

0 Kudos
0123
Level 7

Re: Application Control questions and issues

SCOR_FIDB =659831

SCOR_EVENTS = 1495262

Executed the query to gather rows, and it's still running against scor_fidb. 5 minutes and it's still running....

As soon as it's finished I'll reply again.

0 Kudos
0123
Level 7

Re: Application Control questions and issues

select * from scor_fidb = 672524
select * from scor_events = 1854240

I opened up the AgentEvents folder on one of our systems and the size of the folder was 2.5GB, with 310,667 events in it!

0 Kudos
jhaynes
Level 12

Re: Application Control questions and issues

Those tables don't look very large.  What is the size of your transaction log?

Jeff Haynes

0 Kudos
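
Added example (not part of the thread, and not McAfee's code): the table sizes, row counts and transaction log size asked about above can be read from SQL Server metadata without scanning the tables, which avoids the multi-minute `select *` runs. It assumes SQL Server 2005 or later and that it is run in the ePO database; only the table names SCOR_FIDB and SCOR_EVENTS come from the thread.

```sql
-- Added example; run in the context of the ePO database (assumption).
-- Table names are from the thread; the catalog views and DMVs are standard SQL Server.

-- 1. Row count and space per table, read from allocation metadata (no table scan).
--    row_count is summed only for the heap (index_id 0) or clustered index (index_id 1)
--    so that nonclustered indexes do not inflate the count.
SELECT
    t.name AS table_name,
    SUM(CASE WHEN ps.index_id IN (0, 1) THEN ps.row_count ELSE 0 END) AS row_count,
    CAST(SUM(ps.reserved_page_count) * 8 / 1024.0 AS DECIMAL(12, 1)) AS reserved_mb,
    CAST(SUM(ps.used_page_count) * 8 / 1024.0 AS DECIMAL(12, 1)) AS used_mb
FROM sys.dm_db_partition_stats AS ps
JOIN sys.tables AS t
    ON t.object_id = ps.object_id
WHERE UPPER(t.name) IN (N'SCOR_FIDB', N'SCOR_EVENTS')
GROUP BY t.name
ORDER BY reserved_mb DESC;

-- 2. Data file and transaction log size for the current database.
--    size is stored in 8 KB pages; type_desc is ROWS for data files, LOG for the log.
SELECT
    name AS logical_name,
    type_desc,
    physical_name,
    CAST(size * 8 / 1024.0 AS DECIMAL(12, 1)) AS size_mb
FROM sys.database_files
ORDER BY type_desc, name;

-- 3. Recovery model and the reason the log is not being truncated.
--    A FULL recovery model with log_reuse_wait_desc = LOG_BACKUP means the log
--    keeps growing until a log backup is taken.
SELECT
    name AS database_name,
    recovery_model_desc,
    log_reuse_wait_desc
FROM sys.databases
WHERE name = DB_NAME();
```

If the two tables account for only a small share of the database files, the third result set shows whether the transaction log is the part that is growing.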