Scenario: Red event alert showing in Agent status monitor randomly and then automatically get fix next within 2 to 3 sec. Not able to track like when: it will happen. So that required log can collect at the time of issue occurs. McAfee is asking to collect log at the time issue occur within 10 min, Which is not possible practically. No one is going to keep eye on Agent Status monitor continuously.

Query: Is there any feature in McAfee which give a pop-up message to the endpoint node Like Your system having red alert regarding "Agent failed to send events / Agent failed to communicate with ePO servers"? Is there any kind of Shell script, which we can use on an affected system to keep monitoring and give a pop-up message once red event found in Agent Status monitor?

Conclusion: Once the pop-up message appears on screen post red event detected in Agent status monitor. Then the user can collect the required log, data or any file as Mcafee requesting for a further investigation.