cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Steve799
Level 7
Report Inappropriate Content
Message 1 of 6

AMcore compliance question.

I seem to have an ongoing issue where many systems (about 40%)  appear under the Compliance Overview/AMcore section as not being compliant but when I investigate an example computer it's AMcore version is usually the version from the previous day - i thought the report only marks as not compliant if seven days old?

For example - 

Amcore 6400.9594 (23/02/22) is being mark as non compliant on 24/02/22

The agent version is 5.7.4.399 and Threat Prevention 10.7.0.2725

Currently using 5.10 u12 (although this issue has been ongoing since i took over EPO management form u3).

Many thanks

 

Steve

 

5 Replies
Nitisha_Awas
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: AMcore compliance question.

Hi Steve,

Thank you for reaching us on the community portal.

Few things to check:

  • If you select one of the systems misreporting and send it a full properties wake-up call, does the AMCore content + compliance status update?
    By Amcore 6400.9594, I believe we are talking about the Engine version and not the Amcore Version, could we verify if Amcore is also updated?
  • Any changes on the ENSTP extension side? Could we know what ext. the version you're running, or if you reinstalled the extension in the recent past?

=======================================================

An example of why this may happen is if you reinstall ENSTP extensions:

The agent properties on the system still contain the non-compliance value that was previously collected during the last property collection event. Since this value has not changed since the last time the properties were collected, the property is not uploaded to the ePO database during a regular agent-server communication interval. The value is updated in the system's ePO properties when a wake-up call with full property collection runs.

Ref: https://kc.mcafee.com/corporate/index?page=content&id=KB93232&locale=en_US

In addition, the default compliance query Endpoint Security Threat Prevention: AMCore Content Compliance Status calculates the compliance based on the release date of the AMCore content. If the AMCore content is less than seven days old, it is considered compliant. The value of 7 days is hard-coded. It is not possible to change the criteria for compliance based on numeric comparison such as "Is within X versions of repository" or "Is not within X versions of repository".

Hope this helps.

Was my reply helpful?

If you find this post useful, please give it a Kudos!  Also, please don't forget to select "Accept as a solution" if this reply resolves your query!

 

 

Steve799
Level 7
Report Inappropriate Content
Message 3 of 6

Re: AMcore compliance question.

Many thanks for the quick response.

 

Ah, yes, apologises, I copied the engine version as opposed to actual AMcore version. Version is 4719.0 collected 23/02. 

 

I ran a full wake up but as of yet, but no, it's not reported content update or compliance status change. AMcore version is still from yesterday despite the latest/todays be available in the master repository.

Currently running ENSTP extension 10.7.0.1248 which was updated/checked in a few days ago, although this issue has been going on for weeks but ignored by our previous admin, so thought I'd take a look.

 

 

 

Nitisha_Awas
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: AMcore compliance question.

Compliance is calculated at the client and sent as product properties to ePO. If in ePO shows as non-compliant then the last property that was received when the machine was communicating with ePO, the Amcore DAT was non-compliant.

If on the last communication date, the DAT is not older than 7 days then it is compliant - Looks like the agent did not communicate with ePO. However, would suggest logging a service request with Tech support to investigate further on this.

Hope this helps.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Steve799
Level 7
Report Inappropriate Content
Message 5 of 6

Re: AMcore compliance question.

o.k. thanks, I'll have a look at the client side.

 

Interestingly though, I've just updated the client to the latest agent (and subsequently DXL client) to the latest for Windows (5.7.5.504). Reported date/'time is today and a few minutes after install. 

I come back from lunch, i look again (refresh) at the same system and the date has changed to 02/09/20. 

Date and time of client machine/EPO are correctly in sync with the domain so unsure what's happening here but i would imagine this is also causing issues with compliance reporting.

-Steve

Steve799
Level 7
Report Inappropriate Content
Message 6 of 6

Re: AMcore compliance question.

Still ongoing with this - although client side and EPO side show AMcore as the same (and up to date), yet I've got about 15% of my pc's appear on the compliance dashboard & Protected Workspace compliance review as not being compliant for AMcore. Most odd!

 

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community