cancel
Showing results for 
Search instead for 
Did you mean: 
rdefino
Level 7
Report Inappropriate Content
Message 1 of 10

How can I tell if a on-demand scan has kicked off

I have some systems running 8.7i. What log do I look at to see if the on-demand scan has run on a system?

Thanks

9 Replies
Highlighted

Re: How can I tell if a on-demand scan has kicked off

Hi,

You can check the ondemandscan log.

File Name: OnDemandScanLog.txt

File Location: C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

Re: How can I tell if a on-demand scan has kicked off

svarghese wrote:

Hi,

You can check the ondemandscan log.

File Name: OnDemandScanLog.txt

File Location: C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

Hi in addition to this, You can also open up the Virus Scan Console and see the remarks. If you had scheduled a scan, you will see the time stamp when it was run last time.

Sameer

Regis
Level 12
Report Inappropriate Content
Message 4 of 10

Re: How can I tell if a on-demand scan has kicked off

If you're like me, you probably wanna see this remotely without having to get on the box.

2 ways:

1)  scrape the agent log  http://hostname:8081    and look for  the "Invoking task"  string  

2)  From ePO...  to do this, you need to enable the sending of applicable event id's for scan start and scan complete from the agent to the ePO server.  They're disabled by default. Menu>configuration>server settings > Event Filtering  ; look for tiny edit button way at bottom right of screen,  and checkmark the events I mention below. 

3)  Create a new query against Threat Events that uses this criteria

((Event ID Equals 1202 or Event ID Equals 1203 or Event ID Equals 1034 or Event ID Equals 1035 or Event ID Equals 1037 or Event ID Equals 1059 or Event ID Equals 1038 ) and Event Generated Time (UTC) Is within the last 4 Hours)

4)  Note also that you'll need to do a "wake up agents" on the applicable hosts before checking because the agents won't send these event asynchronously like they would a virus alert.    Then the report above should give you scan start and end events as some reassurance an ODS actually ran.

Re: How can I tell if a on-demand scan has kicked off

How can I tell scan is currently running on the client.

McAfee Employee wwarren
McAfee Employee
Report Inappropriate Content
Message 6 of 10

Re: How can I tell if a on-demand scan has kicked off


priyanksharma wrote:



How can I tell scan is currently running on the client.


On x86 systems, Scan32.exe will be a running process.

On x64 systems, Scan64.exe will be a running process.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee

Re: How can I tell if a on-demand scan has kicked off

Hi wwarren,

Thanks for reply.

Actually I was asking how to see scanning is running or not at system on ePO, which we initiated by going Actions>run client task now> Weekly on demand etc etc

McAfee Employee wwarren
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: How can I tell if a on-demand scan has kicked off

ePO can only report on what clients have updated it with, i.e. via events that clients send to ePO.

ePO is not a "real time" view of the environment, and, it's only as accurate a view of data inasmuch as client systems are providing accurate data to ePO.

What you're looking for is a PER of some kind, to enable ePO to give you that type of real-time view of the client. But, since ePO is only aware of data as provided through client-reported events, what you're really asking for is for Client machines to send "ping" type events to ePO that say "ODS is running"... which probably will get rejected, because something like that could easily bring down a corporate network.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
McAfee Employee jappell
McAfee Employee
Report Inappropriate Content
Message 9 of 10

Re: How can I tell if a on-demand scan has kicked off

IF you want to know if it completed, see KB69428

Re: How can I tell if a on-demand scan has kicked off

So it means we need to be dependent upon the quires and reports....

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community