Showing results for 
Search instead for 
Did you mean: 
Level 13
Report Inappropriate Content
Message 1 of 6

Fetching data from epo


I've installed the all-in-one ESM, receiver, logger virtual appliance and now I'm playing around with it. I've tried adding epo as a source of events, but it just shows up as inactive. I can tell you that I have plenty of threat, audit, client and server events.


This is how it's configured:


Testing the connection to the data source shows up as successful. Also, for the Microsoft Event log I can schedule a pull internval (default 10 minutes), but here I don't have that option.

Any help is greatly appreciated!

5 Replies
siemchris McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Fetching data from epo

Hi georgec

That configuration looks good and it looks like the client data sources have been created too so there is a conection to the epo DB. You did not mention the version of ESM that you are running and if its a version prior to 9.1.3 you may have found a bug which is fixed in 9.1.3. Also, if you look at the Status of the device from ESM > Properties is there an error for epo not running?

My recommendation is to log this problem as a support ticket and we can work with you to address this problem and get it resolved ASAP.



Re: Fetching data from epo

Hi all,

bumping this old thread beacause I'm experiencing a similar problem. I successfully added ePo source to McAfee ESM (virtual aplliance v9.1.3) somewhat two weeks ago. The client data sources have been created but the ESM is retrieving an unsatisfying number of events from ePo. For instance I'm not getting any events from McAfee DLP. I'm interested in general what I can get out of ePo but I'm especially focused on DLP.

1. Which events are supposed to be retrieved by the ESM? I have lots of events showing up in various ePo views - should all of them be retrieved by ESM?

2. Should I configure something in ePo? (Right now I simply added the ePo source in ESM, tested the connection and retrieved client data sources).

For the moment I received two types of events from McAfee VirusScan source: 'Update successful' and 'Deployment failed'. ESM also discovered these client sources, for which I've also received nothing:

ePo Orchestrator Agent

McAfee Host Data Loss Prevention

McAfee Host Intrusion Prevention

McAfee Site Advisor



Re: Fetching data from epo

you have to update to the latest hotfix GA 11 on 9.1.3, It should fix the problem your having.

Level 13
Report Inappropriate Content
Message 5 of 6

Re: Fetching data from epo

Is this done from the GUI? I have a reseller grant number and I can only the the VM options for download. I don't have any updates for download, only the 9.1.3. vm build images.

Found an update button, but it says I need to upload the files from my machine...

Level 11
Report Inappropriate Content
Message 6 of 6

Re: Fetching data from epo

Georgec - if you need a hotfix for the ESM devices, you have to ask the McAfee Support about them. There is no way to download it from the Download Products portal.


Artur Sadownik

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community