New EPO Admin needs advice

I have a few questions for some experienced EPO administrators. Several months ago I was put in charge of managing our EPO server and improving our protection coverage. The system had been up and running for several years but it was always someone’s secondary project, never their primary so it never received full time attention.
My company has about 6500 client workstations. I know that I will never have 100 percent protection in a large environment. My question is what percentage of protection would some of you guys think is an obtainable protection percentage?
Let me also specify how I determine my % protected. I run two sets of reports: one is filtered for only the past 7 days, the other is for the past 60 days. The last time I ran the reports I was 97% protected on the 7 day report and 94.8% protected on the 60 day report. This is from the DAT Engine coverage report.

I don’t simply run the reports from the EPO console to get the numbers. I also generate a report of all of the PCs that have had communication with Active Directory within 7 and 60 days. I then compare that report against the report generated by EPO for 7 and 60 days to get a list of PCs that are active on our network but have not communicated with EPO. The last time I ran the report I had about 120 for the 7 day report and 200 for the 60 day report that did not show communication with EPO. If I did not factor in these PCs and just ran the report from EPO I would have a 99.1% protection on the 7 day report and 97.6% protection on the 60 day report. The report I am referring to is the DAT Engine Coverage report.

These numbers may not be great but I started at about 76% protection including the EPO vs. AD PCs. I know that I still can improve my numbers but I don’t know by how much. I have been told that the goal for next year will be 99.8%. This will only allow about 10 PCs out of 6500 to have any type of problem and I am not sure this is reasonable. I have only been working with McAfee and EPO for about 9 months so I am still learning, but does this sound obtainable to any of the seasoned McAfee admins? The workstation environment contains about 5 large campuses and 12 to 18 small campuses. We have a mixture of 80% desktop PCs and 20% laptops that are mobile from campus to campus and to the user's home.

Another question is how many of you are primarily McAfee\EPO administrators? It seems to me that to maintain a very high protection percentage in a 5000+ multi-campus environment a full-time person is needed. Or am I mistaken?
Thanks for any advice that can be offered.
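
The AD-versus-EPO comparison described in the post above, sketched as an added example (not the poster's script and not a McAfee tool). The CSV column names, the `Compliant` flag and the sample rows are constructed assumptions; real exports will use different headers.

```python
import csv
import io
from datetime import datetime, timedelta

def normalize(name):
    # 'PC-001$', 'pc-001.corp.example' and ' pc-001 ' all become 'PC-001'
    return name.strip().rstrip("$").split(".")[0].upper()

def active_hosts(csv_text, name_col, time_col, now, days):
    # Map host -> row for rows whose timestamp falls inside the window;
    # an empty timestamp (never seen) counts as inactive.
    cutoff = now - timedelta(days=days)
    hosts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row[time_col] and datetime.fromisoformat(row[time_col]) >= cutoff:
            hosts[normalize(row[name_col])] = row
    return hosts

def reconcile(ad_csv, epo_csv, now, days):
    # Column names below are hypothetical export headers.
    ad = active_hosts(ad_csv, "Name", "LastLogon", now, days)
    epo = active_hosts(epo_csv, "SystemName", "LastCommunication", now, days)
    missing = sorted(set(ad) - set(epo))      # active in AD, silent in EPO
    compliant = sum(1 for r in epo.values() if r["Compliant"] == "yes")
    population = len(set(ad) | set(epo))      # EPO systems plus the missing ones
    return {
        "missing": missing,
        "epo_only_pct": round(100 * compliant / len(epo), 1) if epo else 0.0,
        "adjusted_pct": round(100 * compliant / population, 1) if population else 0.0,
    }

# Constructed sample exports, not real data.
NOW = datetime(2024, 3, 12)
AD_EXPORT = """Name,LastLogon
PC-001$,2024-03-10T08:00:00
pc-002.corp.example,2024-03-09T12:00:00
PC-003,2024-03-11T09:30:00
PC-004,2024-01-20T10:00:00
PC-005,2024-03-08T07:15:00
"""
EPO_EXPORT = """SystemName,LastCommunication,Compliant
PC-001,2024-03-11T01:00:00,yes
PC-002,2024-03-10T02:00:00,yes
PC-004,2024-01-21T03:00:00,yes
PC-005,2024-03-01T04:00:00,yes
PC-006,2024-03-10T05:00:00,no
"""

if __name__ == "__main__":
    for days in (7, 60):
        print(days, reconcile(AD_EXPORT, EPO_EXPORT, NOW, days))
```

The `missing` list is the remediation queue, and the gap between `epo_only_pct` and `adjusted_pct` is the same gap the post reports between 99.1% and 97%.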
3 Replies

RE: New EPO Admin needs advice

Well then, welcome, YellowCab



I am trying to get around 3000 machines in 6 campuses worldwide up to date and running. And no, this is not my primary job... fifth or second... 😉
And yes, I think it is a full time job to maintain 5000+ or even less machines. By the way, I think one should also have a 100% backup.

RE: New EPO Admin needs advice

Hi YellowCab

I (try to) manage around 12.5K machines at 400+ locations, and no, it's not my full time job... in fact I'm told I spend too much time 'doing ePO'...:)

Anyway, your %protection depends on how strict your company policies are - how often people connect etc...

I did notice you are using as your primary measure the DAT Engine report. You may want to consider other things too. To my mind the DAT deployment report is more important.

However, you've obviously made great strides anyway - keep it up!

RE: New EPO Admin needs advice

Thanks, ManuelS and MilleRJ.

MilleRJ, I have used the DAT Deployment report but I usually run the DAT Engine Coverage report set with a DAT of 7 Versions back on the 7 day report. I then concentrate on the PCs that do not meet the criteria. I can see how the DAT Deployment can give you a more granular view but I am still concentrating on bulk remediation. I will probably use the DAT Deployment report more as time goes on. I still have quite a few PCs that show activity in AD but not in EPO. I am confident that I can still make some progress; I just wanted to get some input from some other EPO admins because I don’t really know what an obtainable goal is. :confused: