Every time I perform a client task scan from my ePO console for my server, it never logs the threats or notifies me of anything. The loading bar will turn green on all three notches and say successful afterwards, but there are not any results under "Threat Events". I've tested this scan many times with the EICAR malware file and it doesn't seem to work. When I perform the scan on my server with VirusScan Enterprise (VSE) it will catch the EICAR file, remove it, log the event on ePO and send me an alert email. How can I make my ePO server do all this without having to actually perform the scan from the server? Please help, thanks!
Sure, here are some photos to help me explain:
After I select the server I would like to scan, I run this client:
After this client runs, I want results here on the ePO console:
The results that are on the screen are from when I perform the scan directly from the server using VSE:
I hope this helps you understand, thanks for the reply!
Message was edited by: adamn on 7/3/13 11:43:05 AM CDT
I would say it is hardcoded that you can only see OAS detection for a client and only the summary of a scan task on this page and not detection of a scan task. Frankly, I would rather use an events query filtered to the host in question than open host properties...but this does not mean it is the only way possible.
By the way the client scan task is not displayed on the VirusScan console in your 3rd picture. This could be the result of a policy setting not to display managed tasks on the client or the task is not assigned to the client at all. Could you check that?
I think I have figured it out, all I had to do was "create new task" and perform a scan from there. Now I can scan from ePO and it will detect my EICAR file, and send the results back to the ePO console. The one other problem I have encountered was creating alerts, do you know how to set those up? Thanks for the help Attila, I really appreciate it!
I'm glad you've managed to overcome your issue.
If by "alerts" you mean what I think then it is the automatic responses that you could use.
Please could you answer my question regarding client task in my previous response? Thanks.
I've tried using the automatic responses, but it seems to constantly notify me every hour/min/sec/day whichever I select on "Aggregation". It also doesn't stop notifying me (Sending me Emails), how can I set it up to only notify me with only one Email and stop?
As for your question before, I believe that it is a policy setting that the systems admin set up. I do not have access to a few things on the console and I'm unable to edit any policies.
I'm not sure about client task opportunities, but with server tasks you can add several independent actions together, and one of them is Run a Query. If you could time the end of the client task with the start of your server task you could run a query for the events generated by your client tasks (and perhaps send an email of them).
You can filter in the query for Analyzer Detection Method = (your client task name).
Well, I managed to take a look into it. You can set the automatic response (in response to an ePO server client event, that is, for example the event ID of the scan task end) to launch a server task and that server task can run a query, which you would define so it only lists the events that your ODS scan generated and send it to yourself in an email.
Is this a viable solution for you?