cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

ENS 10.6 & ePO 5.9.1 - Scan duration queries not working

Jump to solution

There are queries in ePO for quick/full scan durations, but they come up blank. I have the threat prevention logging all the way up in the ENS Common General Options policy.

 

 

1 Solution

Accepted Solutions

Re: ENS 10.6 & ePO 5.9.1 - Scan duration queries not working

Jump to solution

Hello, if you have custom ENS on Demand scans scheduled.. they will not show up in the scan stats, only Policy based On Demand scans will.

When you schedule a Quick scan and you have a policy to scan when idle.. you want to make sure you give the scan task enough time to stop and start when user activity occurs. 

With your level of event logging for On Demand scans, you should see Scan start, stop, suspend, resume.. etc in the general Threat Event logs and each clients events logs.  However for the extra events, you need to change the Server settings event filtering to allow these events. 

You can also perform an run now task for a policy based Quick scan scan on just one computer to test this. 

Some screen shots below. 

EPO 5_10 ODS Stats Policy based scans.png

EPO 5_10 ODS Stats in System Tree.png

If you want to receive events below .. set them on (check mark) so they will be received.. In a large environment you don't want to do this for too long as it may generate too many events. 

EPO 5_10 ODS Event filtering.pngI hope this helps. 

3 Replies

Re: ENS 10.6 & ePO 5.9.1 - Scan duration queries not working

Jump to solution

ens_logging_policy.PNG

Re: ENS 10.6 & ePO 5.9.1 - Scan duration queries not working

Jump to solution

Hello, if you have custom ENS on Demand scans scheduled.. they will not show up in the scan stats, only Policy based On Demand scans will.

When you schedule a Quick scan and you have a policy to scan when idle.. you want to make sure you give the scan task enough time to stop and start when user activity occurs. 

With your level of event logging for On Demand scans, you should see Scan start, stop, suspend, resume.. etc in the general Threat Event logs and each clients events logs.  However for the extra events, you need to change the Server settings event filtering to allow these events. 

You can also perform an run now task for a policy based Quick scan scan on just one computer to test this. 

Some screen shots below. 

EPO 5_10 ODS Stats Policy based scans.png

EPO 5_10 ODS Stats in System Tree.png

If you want to receive events below .. set them on (check mark) so they will be received.. In a large environment you don't want to do this for too long as it may generate too many events. 

EPO 5_10 ODS Event filtering.pngI hope this helps. 

JKBH1
Level 9
Report Inappropriate Content
Message 4 of 4

Re: ENS 10.6 & ePO 5.9.1 - Scan duration queries not working

Jump to solution

This kind of answers the original poster's question but not really what the customer wants. 

Is there a way to get only notifications from a certain server and not all systems?

It would really be nice to get a query of when either the Quick or Full scan ran and get this added to a dashboard. Right now, it only shows only one result (which is the most current ran), which is practically useless information. We want to know if either Quick or Full scans have been running on an hourly or daily basis or whatever time we configured these with. If I go to Threat Events of a particular system, there is no way to export data. The Quick Find does not work at all. The Event Description does not say if it's a Quick or Full scan so another useless information that ePO is providing. Having granular data is important to analyze if these scans are working or not. 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community