cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
clicnam
Level 8
Report Inappropriate Content
Message 1 of 9
‎11-26-2018 10:26 PM

How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Hi

 

I'm running McAfee EPO 5.9.1 and ENS 10.6 running on our laptops.

I've been tasked to run a scan on a group of laptops hard drive and identify which of them has an excel file called password.xlsx on the hard drive.

Is this possible? Can i run a McAfee scan from EPO to search for a file type or file name on my computers?

 

Thanks

 

 

0 Kudos
Reply
2 Solutions

Accepted Solutions
jess_arman
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 9
‎11-27-2018 05:52 AM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution
@chealey wrote:

Within the ENS TP options policy you can define "password.xlsx" as a potentially unwanted program - this would detect and remove any files called "password.xlsx" (depending on  your settings within your OAS of course)

@clicnam If following chealey's accurate suggestion (this would be the only method available to acheive your goal) and you do not want the searched for password.xlsx file to be deleted and quarantined, but only to get a detection to designate if it exists on an endpoint, then you will need to modify the ODS settings for the scan you're using.

       Under "unwanted program first/second response" change the settings to take an action of either "continue scanning" and "continue scanning" OR "clean" and "continue scanning" (since the file is benign, the "clean" will fail as there is nothing to clean, and then the file will remain unmodified). 
     
     If the intent for your search is to remove, then no other changes need to be made other than designating this file as a PUP, as originally described.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

 

View solution in original post

Reply
jess_arman
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9
‎12-03-2018 06:05 AM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

@clicnam Ensure that you are utilizing a Policy Based ODS Full Scan task. If you instead use a Custom ODS Task it will not honor your policy configuration, you must used Policy Based to follow policy.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

Reply
8 Replies
vnaidu
MVP
Report Inappropriate Content
Message 2 of 9
‎11-26-2018 11:52 PM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Scan a specific file or folder on a client system

To immediately scan an individual file or folder that you suspect is infected, right-click in Windows Explorer.

The behavior of the Right-Click Scan depends on how the settings are configured. With administrator credentials, you can change these scans in the On-Demand Scan settings.

Task
  1. In Windows Explorer, right-click the file or folder to scan and select Scan for threats from the pop-up menu.
    Endpoint Security Client displays the status of the scan in the Scan for threats page.
  2. Click buttons at the top of the page to control the scan.
     
    Pause ScanPauses the scan before it completes.
    Resume ScanResumes a paused scan.
    Cancel ScanCancels a running scan.
  3. When the scan completes, the page displays the number of files scanned, time elapsed, and any detections.
     
    Detection NameIdentifies the name of the detected malware.
    TypeDisplays the threat type.
    FileIdentifies the infected file.
    Action TakenDescribes the last security action taken on the infected file:
    • Access Denied
    • Cleaned
    • Deleted
    • None

    The on-demand scan detection list is cleared when the next on-demand scan starts.

  4. Select a detection in the table, then click Clean or Delete to clean or delete the infected file.

    Depending on the threat type and scan settings, these actions might not be available.

  5. Click Close to close the page.
Venu
0 Kudos
Reply
chealey
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 9
‎11-27-2018 01:20 AM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Within the ENS TP options policy you can define "password.xlsx" as a potentially unwanted program - this would detect and remove any files called "password.xlsx" (depending on  your settings within your OAS of course)

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Reply
vnaidu
MVP
Report Inappropriate Content
Message 4 of 9
‎11-27-2018 01:30 AM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Excellent, i never got this thought. Thanks Chealey.

Venu
0 Kudos
Reply
jess_arman
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 9
‎11-27-2018 05:52 AM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution
@chealey wrote:

Within the ENS TP options policy you can define "password.xlsx" as a potentially unwanted program - this would detect and remove any files called "password.xlsx" (depending on  your settings within your OAS of course)

@clicnam If following chealey's accurate suggestion (this would be the only method available to acheive your goal) and you do not want the searched for password.xlsx file to be deleted and quarantined, but only to get a detection to designate if it exists on an endpoint, then you will need to modify the ODS settings for the scan you're using.

       Under "unwanted program first/second response" change the settings to take an action of either "continue scanning" and "continue scanning" OR "clean" and "continue scanning" (since the file is benign, the "clean" will fail as there is nothing to clean, and then the file will remain unmodified). 
     
     If the intent for your search is to remove, then no other changes need to be made other than designating this file as a PUP, as originally described.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

 

View solution in original post

Reply
clicnam
Level 8
Report Inappropriate Content
Message 6 of 9
‎11-27-2018 03:44 PM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Can you confirm if I'm in the right directions

 

1. Create a new On-Demand Scan policy under Endpoint Security Treat Prevention. Or do I need to create On-Access policy?

2018-11-28 10_40_37-ePolicy Orchestrator 5.9.1 - Internet Explorer.png

 

2. I cannot see anywhere to specify the file name to scan. I can only see file types.

 

2018-11-28 10_43_05-ePolicy Orchestrator 5.9.1 - Internet Explorer.png

 

0 Kudos
Reply
vnaidu
MVP
Report Inappropriate Content
Message 7 of 9
‎11-27-2018 06:00 PM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Dear clicnam

You will need to first declare the password.xlsx as PUP in ENS TP Options. Then you will have the create the ODS scan accordingly. Please find the screenshots for your reference.pupdeclaration.pngods scan.png

 

I hope this helps. May be you can try and let me know.

Regards,

Venu
Reply
clicnam
Level 8
Report Inappropriate Content
Message 8 of 9
‎12-02-2018 03:57 PM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Hello

I've followed your instructions and it's NOT working...

This is what I did....

1. Created a custom ENS TP Options policy and added the name of the spreadsheet in the PUP.

2018-12-03 10_54_42-2018-12-03 10_48_08-ePolicy Orchestrator 5.9.1 - Internet Explorer.png ‎- Photos.png

 

 

2. Created a custom ENS TP On Demand Scan policy

2018-12-03 10_49_40-ePolicy Orchestrator 5.9.1 - Internet Explorer.png

2018-12-03 10_50_25-ePolicy Orchestrator 5.9.1 - Internet Explorer.png

 

3. Apply these two policies to a test machine

4. Created a spreadsheet with same name as the one in the PUP in picture 1 on the test machine desktop

5 Run a client task on the test machine to initiate a full on demand scan.

6. EPO didn't detect the spreadsheet file.

 

Am i missing something?

 

0 Kudos
Reply
jess_arman
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9
‎12-03-2018 06:05 AM

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

@clicnam Ensure that you are utilizing a Policy Based ODS Full Scan task. If you instead use a Custom ODS Task it will not honor your policy configuration, you must used Policy Based to follow policy.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC