cancel
Showing results for 
Search instead for 
Did you mean: 

How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Hi

 

I'm running McAfee EPO 5.9.1 and ENS 10.6 running on our laptops.

I've been tasked to run a scan on a group of laptops hard drive and identify which of them has an excel file called password.xlsx on the hard drive.

Is this possible? Can i run a McAfee scan from EPO to search for a file type or file name on my computers?

 

Thanks

 

 

2 Solutions

Accepted Solutions
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 5 of 9

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

@chealey wrote:

Within the ENS TP options policy you can define "password.xlsx" as a potentially unwanted program - this would detect and remove any files called "password.xlsx" (depending on  your settings within your OAS of course)


@clicnam If following chealey's accurate suggestion (this would be the only method available to acheive your goal) and you do not want the searched for password.xlsx file to be deleted and quarantined, but only to get a detection to designate if it exists on an endpoint, then you will need to modify the ODS settings for the scan you're using.

       Under "unwanted program first/second response" change the settings to take an action of either "continue scanning" and "continue scanning" OR "clean" and "continue scanning" (since the file is benign, the "clean" will fail as there is nothing to clean, and then the file will remain unmodified). 
     
     If the intent for your search is to remove, then no other changes need to be made other than designating this file as a PUP, as originally described.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

 

McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

@clicnam Ensure that you are utilizing a Policy Based ODS Full Scan task. If you instead use a Custom ODS Task it will not honor your policy configuration, you must used Policy Based to follow policy.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

8 Replies
vnaidu
Level 11
Report Inappropriate Content
Message 2 of 9

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Scan a specific file or folder on a client system

To immediately scan an individual file or folder that you suspect is infected, right-click in Windows Explorer.

The behavior of the Right-Click Scan depends on how the settings are configured. With administrator credentials, you can change these scans in the On-Demand Scan settings.

Task
  1. In Windows Explorer, right-click the file or folder to scan and select Scan for threats from the pop-up menu.
    Endpoint Security Client displays the status of the scan in the Scan for threats page.
  2. Click buttons at the top of the page to control the scan.
     
    Pause ScanPauses the scan before it completes.
    Resume ScanResumes a paused scan.
    Cancel ScanCancels a running scan.
  3. When the scan completes, the page displays the number of files scanned, time elapsed, and any detections.
     
    Detection NameIdentifies the name of the detected malware.
    TypeDisplays the threat type.
    FileIdentifies the infected file.
    Action TakenDescribes the last security action taken on the infected file:
    • Access Denied
    • Cleaned
    • Deleted
    • None

    The on-demand scan detection list is cleared when the next on-demand scan starts.

  4. Select a detection in the table, then click Clean or Delete to clean or delete the infected file.

    Depending on the threat type and scan settings, these actions might not be available.

  5. Click Close to close the page.
Venu
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 3 of 9

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Within the ENS TP options policy you can define "password.xlsx" as a potentially unwanted program - this would detect and remove any files called "password.xlsx" (depending on  your settings within your OAS of course)

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
vnaidu
Level 11
Report Inappropriate Content
Message 4 of 9

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Excellent, i never got this thought. Thanks Chealey.

Venu
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 5 of 9

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

@chealey wrote:

Within the ENS TP options policy you can define "password.xlsx" as a potentially unwanted program - this would detect and remove any files called "password.xlsx" (depending on  your settings within your OAS of course)


@clicnam If following chealey's accurate suggestion (this would be the only method available to acheive your goal) and you do not want the searched for password.xlsx file to be deleted and quarantined, but only to get a detection to designate if it exists on an endpoint, then you will need to modify the ODS settings for the scan you're using.

       Under "unwanted program first/second response" change the settings to take an action of either "continue scanning" and "continue scanning" OR "clean" and "continue scanning" (since the file is benign, the "clean" will fail as there is nothing to clean, and then the file will remain unmodified). 
     
     If the intent for your search is to remove, then no other changes need to be made other than designating this file as a PUP, as originally described.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

 

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Can you confirm if I'm in the right directions

 

1. Create a new On-Demand Scan policy under Endpoint Security Treat Prevention. Or do I need to create On-Access policy?

2018-11-28 10_40_37-ePolicy Orchestrator 5.9.1 - Internet Explorer.png

 

2. I cannot see anywhere to specify the file name to scan. I can only see file types.

 

2018-11-28 10_43_05-ePolicy Orchestrator 5.9.1 - Internet Explorer.png

 

vnaidu
Level 11
Report Inappropriate Content
Message 7 of 9

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Dear clicnam

You will need to first declare the password.xlsx as PUP in ENS TP Options. Then you will have the create the ODS scan accordingly. Please find the screenshots for your reference.pupdeclaration.pngods scan.png

 

I hope this helps. May be you can try and let me know.

Regards,

Venu

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

Hello

I've followed your instructions and it's NOT working...

This is what I did....

1. Created a custom ENS TP Options policy and added the name of the spreadsheet in the PUP.

2018-12-03 10_54_42-2018-12-03 10_48_08-ePolicy Orchestrator 5.9.1 - Internet Explorer.png ‎- Photos.png

 

 

2. Created a custom ENS TP On Demand Scan policy

2018-12-03 10_49_40-ePolicy Orchestrator 5.9.1 - Internet Explorer.png

2018-12-03 10_50_25-ePolicy Orchestrator 5.9.1 - Internet Explorer.png

 

3. Apply these two policies to a test machine

4. Created a spreadsheet with same name as the one in the PUP in picture 1 on the test machine desktop

5 Run a client task on the test machine to initiate a full on demand scan.

6. EPO didn't detect the spreadsheet file.

 

Am i missing something?

 

McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: How to scan for a specific file on a computer running ENS 10.6 from McAfee EPO

Jump to solution

@clicnam Ensure that you are utilizing a Policy Based ODS Full Scan task. If you instead use a Custom ODS Task it will not honor your policy configuration, you must used Policy Based to follow policy.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.