ePOwerShell

I'm writing a PowerShell module in C# that uses the ePO Web API. It is far from finished and might contain bugs, so try it in your test environment first! I've tested the module on a Windows 2008 R2 server. The module does not contain a help file (working on it) and only a partial Format file.

Let me know if you find an issue and include a screenshot of the command (use the -Verbose parameter).

Available commands:

  • Add-EpoTag
  • Clear-EpoTag
  • Connect-EpoServer
  • Get-EpoClientTask
  • Get-EpoGroup
  • Get-EpoQuery
  • Get-EpoServerTask
  • Get-EpoServerTaskLogMessage
  • Get-EpoServerTaskSubTask
  • Get-EpoSystem
  • Get-EpoTag
  • Invoke-EpoClientTask
  • Invoke-EpoQuery
  • Send-EpoAgentWakeupCall
  • Set-EpoUserProperties
  • Start-EpoServerTask
  • Stop-EpoServerTask

How to start:

  1. Extract the zip file to "C:\Windows\System32\WindowsPowerShell\v1.0\Modules"
  2. Start PowerShell
  3. Run "Import-Module ePOwerShell"

Here are some examples of how you can use the ePOwerShell module:

Connecting to the ePO server:

Connect-EpoServer

The program will try to read the ePO server from the McAfee Agent registry settings and connect to it on port 8443.

Connect-EpoServer -IgnoreSSL

Use -IgnoreSSL if your ePO server uses a self-signed certificate.

Connect-EpoServer -Server epo.domain.local -Port 8443 -UserName "EpoUser" -Password "MyEpoPass"

Connect to a specific ePO server with the specified credentials.

System related:

Get-EpoSystem "MyComputer" | Add-EpoTag "MyTag1", "MyTag2"

Get-EpoSystem "MyComputer" | Clear-EpoTag "MyTag3"

Get-EpoSystem "MyComputer" | Send-EpoAgentWakeupCall -ForceFullPolicyUpdate

Get-EpoSystem "MyComputer" | Set-EpoUserProperties -Description "This is My Computer" -CustomField4 "Custom property 4"

Get-EpoClientTask "Update VirusScanner" | Invoke-EpoClientTask -ComputerName "MyComp1", "MyComp2"

Group related:

Get-EpoGroup -GroupPath "My Organization\Test Group\Sub Group" | Get-EpoSystem

Get-EpoGroup "Test Group" | Get-EpoSystem -SearchSubgroups

Get-EpoGroup "Test Group" | Send-EpoAgentWakeupCall -IncludeSubgroups -FullProperties

Server task related:

Get-EpoServerTask -History -TaskID 1234567 | Get-EpoServerTaskLogMessage

Get-EpoServerTask -History -TaskID 7654321 | Get-EpoServerTaskSubTask

Get-EpoServerTask -Running | ?{$_.taskName -match "Replicate Repository"} | Stop-EpoServerTask

Get-EpoServerTask "AD Sync" | Start-EpoServerTask

Query related:

Get-EpoQuery | ?{$_.Name -eq "My ePO Query"} | Invoke-EpoQuery

Get-EpoQuery | ?{$_.Name -eq "List of systems"} | Invoke-EpoQuery | Send-EpoAgentWakeupCall
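
Added example, not part of the original post or of the module: one way to avoid both -IgnoreSSL and a password typed on the command line when using the connection examples above. It assumes that -IgnoreSSL skips certificate validation and that the module otherwise validates against the Windows certificate store; the function name Add-EpoServerCertificateTrust and the thumbprint value are hypothetical.

```powershell
# Added example. Pins the ePO server's self-signed certificate by thumbprint and
# adds it to the local trusted root store, so Connect-EpoServer can validate it.
function Add-EpoServerCertificateTrust {
    param(
        [Parameter(Mandatory=$true)][string]$Server,
        [int]$Port = 8443,
        # Thumbprint read on the ePO server itself (out of band), not taken from the network
        [Parameter(Mandatory=$true)][string]$ExpectedThumbprint
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # Accept any certificate for this single handshake only, so it can be inspected
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }

    # Normalise the expected value (strip spaces and separators) before comparing
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($cert.Thumbprint -ne $expected) {
        throw "Server presented thumbprint $($cert.Thumbprint), which does not match the expected value. Certificate not trusted."
    }

    # Writing to LocalMachine\Root requires an elevated shell
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open('ReadWrite')
    try { $store.Add($cert) } finally { $store.Close() }
    $cert
}

# Usage (server name from the post; the thumbprint is a placeholder to fill in)
Add-EpoServerCertificateTrust -Server epo.domain.local -ExpectedThumbprint '<thumbprint copied from the ePO server>'

# Prompt for the account instead of writing the password into a script or command history
$cred = Get-Credential
Connect-EpoServer -Server epo.domain.local -Port 8443 -UserName $cred.UserName -Password $cred.GetNetworkCredential().Password
```

The name passed to -Server must match the subject of the certificate, otherwise validation still fails even though the certificate is trusted.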

Comments

Update:

Removed the version check from "Connect-EpoServer" (you can now run without Global Administrator permissions)

"Get-EpoQuery" now accepts an optional "SearchText" parameter

"Get-EpoGroup" now accepts a "GroupPath" parameter

Added "Set-EpoUserProperties" to set the Description and CustomField1 to 4

I'm not able to import this module, I'm getting 'no valid module file directory'. What am I missing?

Thanks for this PowerShell module! The command <Get-EpoGroup "My Organization\Test Group\Sub Group" | Get-EpoSystem> does not work on my system. I do not get back any systems.

Oops, I forgot to add the parameter in the example. Please use it like this:

Get-EpoGroup -GroupPath "My Organization\Test Group\Sub Group" | Get-EpoSystem

Can you check if you have file "ePOwerShell.psd1" in: "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ePOwerShell"?

I do. Here is the list.

Image 9.jpg

Can you try importing the module with the full path? I believe the command is:

Import-Module -name "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ePOwerShell\ePowerShell.psd1" -verbose

Thanks, with the -GroupPath switch it works.

I got the module to import by using the PowerShell ISE instead of the normal command line. Is there something that needs to be adjusted on the ePO server to allow connections from PowerShell though?

"Connect-EpoServer : The remote server returned an error: (401) Unauthorized."

This is using the same Global Administrator I log in to the console with.

Thanks for this module mischaboender!

Is it possible to use Clear-EpoTag to clear a specific tag from all systems?  It doesn't like a wildcard for the -ComputerName parameter.

Can you try logging in with the ePO Web API Explorer from https://community.mcafee.com/docs/DOC-2931 ?

Is it a local ePO user account or from AD? Are there any "special" characters in your username or password?

Not directly, but you could try creating a table query that returns all systems with that specific tag, and use that query like this:

Get-EpoQuery | ?{$_.Name -eq "List of ALL systems with MyTag3"} | Invoke-EpoQuery | Clear-EpoTag "MyTag3"

Hi Mischa,

Thanks for creating this, it's great to have an interface to ePO through PowerShell!

I'm working on a few 'wrapper' functions that handle some logic for our support staff, and I'm running into a little trouble handling Connect-EpoServer.  If I invoke Connect-EpoServer from my function, it appears that the connection is stored in the function scope rather than the global scope, so that $EpoServerConnectionObject does not exist outside of when it is created in the function.

Is there any way around this?  Could you explicitly create this variable as a global variable?  Provide a manner for storing a connection (e.g. $epoConnection = Connect-EpoServer...) and using this for other commands (e.g. Get-EpoSystem -connection $epoConnection)?

Your insight would be greatly appreciated!

CM

epo version 4.5.4

Cannot connect using PowerShell 2.0 or 3.0. Here's the error, similar to another user:

Connect-EpoServer : The remote server returned an error: (401) Unauthorized.

At line:1 char:18

+ Connect-EpoServer <<<<  localhost

    + CategoryInfo          : NotSpecified: (:) [Connect-EpoServer], WebException

    + FullyQualifiedErrorId : System.Net.WebException,MischaBoender.ePOwerShell.PSCmdlets.ConnectEpoServer

A GitHub repo would be nice if you are willing to share your code.

Never mind, found my answer.

mischaboender,

Question:  is there a cmdlet to disconnect from ePO or do you always need to start a new shell?

Hi All,

Not sure if this is still up and running, but this module is just what I've been trying to get my hands on.

I'm trying to update the Description on multiple machines but I'm only able to update 1 at a time.

Is there any way using this module that this can be achieved?

Thanks in advance

Thanks, man. I put up an Idea thingy some time ago asking McAfee to make PS management cmdlets, since I like PS a lot.

This seems awesome and after some work, would be a serious alternative to EPO GUI.

Mischa,

I will be presenting "Making the ePO Web API Work for You" at FOCUS15 this October.  Most of my work and my presentation will be about Perl and CGI, but for the sake of completeness I want to give at least a few screenshots about using your ePOwerShell module.  I would like to get your permission to do this, so if you don't mind please reply back to this comment with your approval or denial.

Thanks,

Marty Brownfield

I am new to the ePOwerShell module. I have a query that just produces a list of machines with threats for the last 30 days, and I would like to be able to get the data by using the module. Are there any more details on the options available for this PowerShell cmd?

Hi All,

Hoping I could get some feedback on my progress so far. So I have the connection made and can query EPO like 'Invoke-EpoQuery 117' - Conficker.

I would like to know what everyone is using it for and what interesting commands people have used in the past to gather information on a specific single IP, Computer or User Name.

So if I am trying to gain System Information on say a machine called 'L7-Test1', how would this be possible? Also, if this is possible, could this be customized to perform a search for this machine, its user and threat events?

Any help would be greatly appreciated. 

Thanks,

Ronan

What progress? Are you Mischa?

I agree, and since there haven't been any updates on this in a while I've decided to make an open source version:

GitHub - UNT-CAS-ITS/ePOwerShell: This PowerShell Class allows you to easily connect to and work wit...

Mischaboender,

Is this still an active project?

Hey,

I need to get a property for an EPO System (endpoint) for the Product Version (Endpoint Encryption for PC). Currently the Get-System doesn't provide that property. Are you able to update it or provide me with the source code?

Thanks

Version history: revision 1 of 1, last update 10-21-2012 09:59 AM
