Thank you for posting.
While creating the Query you would have selected the option from the available properties as shown in the below screenshot which will show whether the particular item is compliant or not.
If you could check your query and share a screenshot as below we will be able to help you with.
Or else you can export the query that you have created and attach it here so that we can check and suggest you.
let us know if you have any queries.
I look forward to your reply.
The query I was using had the 'On-Access Scan Enabled does not equal true' filter. This shows a result of 291 systems even though most have On-Access Scan installed and enabled...
I modified the query to use the 'On-Access Scan Compliance Status' and this returns 2105 results...
So I either have a massive problem causing the un-compliance or the filters are wrong. 🙂
Please let me know what I should check. Images attached
Thank you for sharing the screenshots, it was very helpful.
Instead of setting the "OAS enabled EQUALS True", you can make it as "OAS compliance status EQUALS Compliant" and test it. Refer attached screenshot.
Let us know if you have any queries.
Just to be clear, i'm not looking for the number of compliant systems.. I am trying to identify the un-compliant systems.
But as you requested I ran a 'Compliance true' query which returned 1573 results... which means that only 27% of my systems are compliant... (5694 total systems)
I need to know how compliance is defined... or how to fix my problem
Under system tree, you can add a column "On-Access Scan compliance status"which shows the compliant message when you save it.
This will give you more information on which machine OAS is compliant or Not.
Later you can compare the query result.
Refer below screenshot.
I have already done this...
The results in the table do reflect the graph.
The problem I have is that I need to know WHY these are appearing as 'Non-Compliant'.
From what I can tell, they should be compliant.
The products are installed with policies that set the product to active..
Hello @SPDA-SKIDATA ,
Have you already had a look at what you can see when you browse to a system that is not compliant and go to the "Products" tab "Endpoint Security Threat Prevention - On-Access Scan".
My screenshot shows a compliant machine:
I think @SPDA-SKIDATA would like to see an equivalent page to https://kc.mcafee.com/corporate/index?page=content&id=KB90853&locale=en_US "How on-demand scan compliance is determined" for On-Access scan.
Yes. Exactly, something equivelent to that article.
I looked at the areas you showed in your screenshot which does highlight an interesting point. The query returns a 'non-compliant' status but when looking directly at the product, it shows 'Compliant'...
Weird stuff going on here.. maybe I need to turn this thread into a service ticket..