Hello.... (as you can see from all my questions posted, I'm struggling a little to get AppControl up and running smoothly)
1. still struggling with performance issues. this was posted in another question that I'm going to close out and just open a case with McAfee on. But it looks like our POS team has identified their own issues with microsoft WMI and they are including some fixes they think will help our overall performance issues, but we're curious to if AppControl relies on WMI and if so how much. If there are issues with it, will AppControl have issues? have there been any other customers reporting performance issues with AppControl?
2. I have 74 systems checking into an ePO 4.5 database and my database has grown to over 35GB in 4 months. This is waaay more than my Enterprise DB that has 5-6 different McAfee products checking into it. This 35GB DB only has App Control events, no other products are installed (other than the MA of course). What should I expect from DB size growth?
AppControl doesn't rely on WMI so you should be ok there. I don't have an easy answer for your database question so my suggestion is to open up a case so we can take a look at see whats going on.
Cool, thanks for letting me know about the WMI.
As for the DB, I went through the steps according to https://kc.mcafee.com/corporate/index?page=content&id=KB52116 and I got 0 tables. Looking at it closer, none of the AppControl events made it into ePO's Event Filtering option. They are different events entirely and have to be excluded on EACH endpoint. Talking to support confirmed this. There is a script that can be run, so I'm going to try and use a client task to complete it, but I really hope this gets fixed in later versions. For some reason, my data just filled up FAST and there definitely are certain events I could care less about (booting commands, file solidified, unsolidified, resolidified, etc..)
No you are definitely not the only person struggling with the Application Control name change.
Do you have a task setup to collect inventory?
How many agents do you have deployed?
Open up SQL Server Management Studio and take a look at the properties of these two tables and note down the size.
Runs these two commands and let me know how may row are returned. Rows are noted in the bottom left corner.
select * from scor_fidb
select * from scor_events
SCOR_EVENTS = 1495262
executed the query to gather rows, and it's still running against scor__fidb. 5 minutes and it still running....
as soon as its finished I'll reply again.
select * from scor_fidb = 672524
select * from scor_events = 1854240
I opened up the AgentEvents folder on one of our systems and the size of the folder was 2.5GB, with 310,667 events in it!