cancel
Showing results for 
Search instead for 
Did you mean: 
adamn
Level 7

Unable to view results after scan from ePO

Hello Everyone,

Every time I perform a client task scan from my ePO console for my server, it never logs the threats or notifies me anything. The loading bar will turn green on all three notches and say successful afterwards, but there are not any results under "Threat Events". I've tested this scan many times with the EICAR malware fire and it doesn't seem to work. When I perform the scan on my server with VirusScan Enterprise (VSE) it will catch the EICAR file, remove it, log the event on ePO and send me an alert email. How can I make my ePO server do all this without having to actually perform the scan from the server. Please help, thanks!

-Adam

0 Kudos
15 Replies
adamn
Level 7

Re: Unable to view results after scan from ePO

I also forgot to add that I am using ePO version 4.6.6 and the VSE is version 8.8

Message was edited by: adamn on 7/3/13 11:01:15 AM CDT
0 Kudos
apoling
Level 14

Re: Unable to view results after scan from ePO

Hello,

could you illustrate what your issue is with some screenshots?

Thanks.

Attila

0 Kudos
adamn
Level 7

Re: Unable to view results after scan from ePO

Sure, here are some photos to help me explain:

After I select the server I would like to scan, I run this client:

Perform Scan.png

After this client runs, I want results here on the ePO console:

Results.png

The results that are on the screen are from when I perform the scan directly from the server using VSE:

VSE.png

I hope this helps you understand, thanks for the reply!

Message was edited by: adamn on 7/3/13 11:43:05 AM CDT
0 Kudos
apoling
Level 14

Re: Unable to view results after scan from ePO

Hello,

I would say it is hardcoded that you can only see OAS detection for a client and only the summary of a scan task on this page and not detection of a scan task. Frankly, I would rather use a events query filtered to the host in question than open host properties...but this does not mean it is the only way possible.

By the way the client scan task is not displayed on the VirusScan console in you 3rd picture. This could be the result of a policy setting not to display managed tasks on the client or the task is not assigned to the client at all. Could you check that?

Attila

0 Kudos
Highlighted
adamn
Level 7

Re: Unable to view results after scan from ePO

Hi,

I think I have figured it out, all I had to to do was "create new task" and perform a scan from there. Now I scan scan from ePO and it will detect my EICAR file, and send the results back to the ePO console. The one other problem I have encountered was creating alerts, do you know how to set those up? Thanks for the help Attila, I really appreciate it!

0 Kudos
apoling
Level 14

Re: Unable to view results after scan from ePO

Hi,

I'm glad you've managed to overcome your issue.

If by "alerts" you mean what I think then it is the automatic responses that you could use.

Please could you answer my question regarding client task in my previous response? Thanks.

Attila

0 Kudos
adamn
Level 7

Re: Unable to view results after scan from ePO

Hello,

I've tried using the automatic responses, but it seems to constantly notify me every hour/min/sec/day whichever I select on "Aggregation". It also doesn't stop notifying me (Sending me Emails), how can I set it up to only notify me with only one Email and stop?

As for the your question before, I believe that it is a policy setting that the systems admin set up. I do not have access to a few things on the console and I'm unable to edit any policies.

Thanks,

- Adam

0 Kudos
apoling
Level 14

Re: Unable to view results after scan from ePO

I'm not sure about client task opportunities, but with server tasks you can add several independent actions together, and one of them is Run a Query. If you could time the end of the client task with the start of your server task you could run a query for the events generated by your client tasks (and perhaps send an email of them).

You can filter in the query for Analyzer Detection Method = (your client task name).

Attila

0 Kudos
apoling
Level 14

Re: Unable to view results after scan from ePO

Well I managed to take a look into it. You can set the automatic response (in response to a ePO server client event, that is, for example the event ID of the scan task end) to launch a server task and that server task can run a query, which you would define so it only lists the events that your ODS scan generated and send yourself in an email.

Is this a viable solution for you?

0 Kudos