
Stinger - Run Task from ePO


Has anybody found a way to get the results on the server after running Stinger on the endpoint?

We have Solidcore installed on the endpoint, and we can manage the clients with the ePO server. But before we enable the Solidcore feature, we would like to be sure that the endpoint is not infected. So we started to run Stinger via "Run Client Task", but we get no real result from the run. I can see that the task completed successfully, and I can check the result HTML on the endpoint (with the --reportpath command-line switch), but it is not easy to log in to the endpoints one by one. It would be much easier if I could create a report of non-infected machines on which to enable Solidcore....

Any idea?

Thanks in advance.



Re: Stinger - Run Task from ePO


If only an AV product is installed, there can always be malicious files on it. Additionally, there can be several files which are unknown to any AV vendor.

After installing Solidcore, any executable code is "whitelisted"; this means the file can be started. If it is unknown to McAfee, you can use any available tool and you will not see any threat event.

If there is malware, the file can be started, but the PE is not able to install anything else, and generated code is not allowed to run either. Also, your memory is protected.

At this time it is useful to activate the server tasks to check the File inventory in Solidcore against the GTI cloud. If there is any known malicious file you will see a threat event.

My recommendation if you do not know the state of your endpoints:

- Configure Solidcore to run in Observation Mode.

- Run On-Demand Scans at regular intervals.

- Compare the file inventory with McAfee GTI (server tasks).

- Create a query to figure out any client which reports no threat event over a specific time.

- Based on the resulting tag, you can activate a Solidcore task to switch from Observation Mode to Enabled Mode.

- Check your threat events for any reported malicious files to block and remove them.

Perhaps you may take a look at Threat Intelligence Exchange (TIE). TIE is able to deliver you an event if unknown code is executed on your endpoint.


Re: Stinger - Run Task from ePO

Thank you Troja!

I will follow your recommendations.

I am trying to figure out how I can create a tag based on a query (I'm a new ePO user) to activate Enabled Mode. It does not sound easy.




Re: Stinger - Run Task from ePO


Tagging is easy going.

- Define a Query "Events -> Threat Events", choose the Table as the Output.

- Use the filters to define your query in detail...

Define a Server Task in this way:

- Action: Run Query

- Sub-Action: Tag Systems

This should work, and you can check the tag to see how many systems have it assigned.

