
How is Endpoint Security 'Compliance' defined

Hi there, I have set up a query displayed in a dashboard to highlight any systems that have agent communication but not active Endpoint Security policies. This query seemed to be working well, but I believe it started playing up around the time we updated our environment to ePO v5.10.0. A large number of systems are appearing as 'non-compliant' for various Endpoint Security products even though they have the latest products installed and active policies assigned... This leads me to pose the question: What factors contribute to a product being 'Compliant' or not? Or perhaps there is a better way for me to identify systems that are not correctly configured.
11 Replies
Dayananda
McAfee Employee
Message 2 of 12

Re: How is Endpoint Security 'Compliance' defined

Hello,

Thank you for posting.

While creating the Query you would have selected the option from the available properties as shown in the below screenshot which will show whether the particular item is compliant or not.
If you could check your query and share a screenshot as below we will be able to help you with.

Or else you can export the query that you have created and attach it here so that we can check and suggest you.

Let us know if you have any queries.

I look forward to your reply.

 

01_Compliant_options_.PNG

 

Regards,
Daya

Re: How is Endpoint Security 'Compliance' defined

Thanks Daya!

The query I was using had the 'On-Access Scan Enabled does not equal true' filter. This shows a result of 291 systems even though most have On-Access Scan installed and enabled...


I modified the query to use the 'On-Access Scan Compliance Status' and this returns 2105 results... 
So I either have a massive problem causing the un-compliance or the filters are wrong. 🙂

Please let me know what I should check. Images attached

Dayananda
McAfee Employee
Message 4 of 12

Re: How is Endpoint Security 'Compliance' defined

Hello,

Thank you for sharing the screenshots, it was very helpful.

 

Instead of setting the "OAS enabled EQUALS True", you can make it as "OAS compliance status EQUALS Compliant" and test it. Refer attached screenshot.

 

Let us know if you have any queries. 

 

02_Compliant_options_.PNG

 

 

Regards,
Daya

Re: How is Endpoint Security 'Compliance' defined

Hi Daya,

Just to be clear, I'm not looking for the number of compliant systems.. I am trying to identify the un-compliant systems.

But as you requested I ran a 'Compliance true' query which returned 1573 results... which means that only 27% of my systems are compliant... (5694 total systems)

 

I need to know how compliance is defined... or how to fix my problem

Dayananda
McAfee Employee
Message 6 of 12

Re: How is Endpoint Security 'Compliance' defined

Hello,

 

Under system tree, you can add a column "On-Access Scan compliance status" which shows the compliant message when you save it.

 

This will give you more information on which machine OAS is compliant or Not.

Later you can compare the query result.

 

Refer below screenshot.

03_Compliant_options_.PNG

Regards,
Daya

Re: How is Endpoint Security 'Compliance' defined

Hi,

I have already done this...
The results in the table do reflect the graph. 


The problem I have is that I need to know WHY these are appearing as 'Non-Compliant'. 
From what I can tell, they should be compliant.

The products are installed with policies that set the product to active..

ezim
Level 9
Message 8 of 12

Re: How is Endpoint Security 'Compliance' defined

Hello @SPDA-SKIDATA ,

Have you already had a look at what you can see when you browse to a system that is not compliant and go to the "Products" tab "Endpoint Security Threat Prevention - On-Access Scan".

My screenshot shows a compliant machine:

Compliant.jpg

ezim
Level 9
Message 9 of 12

Re: How is Endpoint Security 'Compliance' defined

@Dayananda 

I think @SPDA-SKIDATA would like to see an equivalent page to https://kc.mcafee.com/corporate/index?page=content&id=KB90853&locale=en_US "How on-demand scan compliance is determined" for On-Access scan.

Re: How is Endpoint Security 'Compliance' defined

Thanks Ezim!

Yes. Exactly, something equivalent to that article.

I looked at the areas you showed in your screenshot which does highlight an interesting point. The query returns a 'non-compliant' status but when looking directly at the product, it shows 'Compliant'...

1.jpg

 

Weird stuff going on here.. maybe I need to turn this thread into a service ticket..
