Reliable Contributor wouterr
Message 1 of 5

how to centrally monitor unresponsive ENS modules


Hi All,

Do any of you know if it is possible to monitor the status of your individual ENS modules (ESP/TP/ATP/FW) through ePO and/or McAfee SIR for platform errors like the following:

mfeatp(4320.7164) <SYSTEM> Orchestrator.OES.Error (scan_orchestrator.cpp:141): ATP is taking more than usually expected time to process events

McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): Exploit Prevention is not responding.

McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): On-Access Scan is not responding.

....
1 Solution

Accepted Solutions
McAfee Employee akatt
Message 2 of 5

Re: how to centrally monitor unresponsive ENS modules


There are default compliance reports that can be used within ePO.  I have listed a couple below, using their default query names:

Endpoint Security Threat Prevention: Exploit Prevention Compliance Status
Endpoint Security Threat Prevention: On-Access Scan Compliance Status

Have a peek at these, and let us know if these would be helpful for you.

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Reliable Contributor wouterr
Message 3 of 5

Re: how to centrally monitor unresponsive ENS modules


Thanks, forgot about compliancy tags :-)

Do we have similar queries for ATP?

McAfee Employee akatt
Message 4 of 5

Re: how to centrally monitor unresponsive ENS modules


Interestingly enough, I am not seeing a similar query for ATP status, or Real-Protect status. However, it might help to have a custom query that reports on the connectivity status of ATP. So, if ATP is disabled, and therefore not connected, we could report on this aspect.

It would require:

1. Creating a new query for Managed Systems
2. Selecting the Boolean Pie Chart
3. Clicking on the "Configure Criteria" button underneath the picture of the pie chart
4. Underneath the Endpoint Security Adaptive Threat Protection Systems heading, selecting "Connection Status" as a criterion
5. Within the Connection Status criteria (now added) options, selecting Equals, and then choosing one of the connection types that fits the environment
   - Example: Choose GTI Connectivity Only, if the environment is not using a TIE server

The filters can then be tweaked as needed.

The idea would be that if ATP is running, and we also expect ATP to have GTI connectivity, this query would show us the systems that are compliant/non-compliant. As such, a system that somehow loses ATP (maybe it gets disabled), and therefore shows "no connectivity," should appear on the red portion (non-compliant) of the query results.

We can also check internally, and if we discover an easier method we can update the post. If there is not an easier method, we can certainly submit an enhancement request to the ATP engineering team, to see about adding something in a future release.



Reliable Contributor vnaidu
Message 5 of 5

Re: how to centrally monitor unresponsive ENS modules


@akatt

Excellent Aaron, this post was really helpful to my requirement as well.

Thank you very much for your extended help.

Venu
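
The platform-error lines quoted in the first post share one layout, so they can be parsed and tallied per module before being forwarded to whatever central log collection is in use. This is an added example, not code from the thread or from McAfee; the field names, the `slow`/`not_responding` labels and the last three sample lines are assumptions constructed for illustration, and where the lines are read from is left open.

```python
import re
from collections import Counter

# Layout seen in the first post (any leading fields not shown there are ignored):
#   [process(pid.tid) <USER>] Component.Level (source_file:line): message
LINE_RE = re.compile(
    r"(?:(?P<proc>\w+)\((?P<pid>\d+)\.(?P<tid>\d+)\)\s+<(?P<user>[^>]+)>\s+)?"
    r"(?P<component>[\w.]+)\.(?P<level>\w+)\s+"
    r"\((?P<src>[^:()]+):(?P<lineno>\d+)\):\s+(?P<msg>.+)$"
)
# Message shapes from the post that indicate an unhealthy module.
HEALTH_RES = (
    ("not_responding", re.compile(r"^(?P<module>.+?) is not responding\.?$")),
    ("slow", re.compile(r"^(?P<module>.+?) is taking more than usually expected time\b")),
)

def parse_line(line):
    """Return the parsed fields of one log line, or None if it has another layout."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["module"] = rec["state"] = None
    for state, rx in HEALTH_RES:
        hit = rx.match(rec["msg"])
        if hit:
            rec["module"], rec["state"] = hit.group("module"), state
            break
    return rec

def summarize(lines, level="Error"):
    """Count (module, state) pairs over all lines logged at the given level."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["level"] == level and rec["state"]:
            counts[(rec["module"], rec["state"])] += 1
    return counts

SAMPLE = [  # first three lines are from the post; the rest are constructed
    "mfeatp(4320.7164) <SYSTEM> Orchestrator.OES.Error (scan_orchestrator.cpp:141): ATP is taking more than usually expected time to process events",
    "McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): Exploit Prevention is not responding.",
    "McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): On-Access Scan is not responding.",
    "McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): On-Access Scan is not responding.",
    "McTray.McTrayUPC.Info (TechnologyTopicHandler.cpp:100): Exploit Prevention is responding.",
    "....",
]

if __name__ == "__main__":
    for (module, state), n in sorted(summarize(SAMPLE).items()):
        print(f"{module}: {state} x{n}")
```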