cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VSE DAT update alert ePO setting for private datacenter

Is it possible to fine tune the DAT compliance period via ePO? 

The organization with private LAN has no dedicated connectivity with Internet due to security reasons. Thus, the VSE DAT updates are performing via deployed ePO and manual repository updates. The DAT updates are not occuring with per-day regularity. So, sometimes the VSE (or Agent) at workstations (Windows 10) reporting outdated protection via Windows Security chapter at Windows System Action Center (tray icon and pop-ups). 

The desired action is set the DAT-file 'lasting term' for about 1 week, not about 3 days (as set by default). Is this possible, and how the desired parameter might be found in ePO (if yes)? The only settings I found might switch the alerting off completely, which is not desired. Look at the screenshot, please.

Thank You!

6 Replies
Kenchee_etf
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: VSE DAT update alert ePO setting for private datacenter

Hello @polezhaevdmi 

May I ask what are you using to monitor compliance?

Are you using the built in "VSE: Version 8.8 Compliance" query that can be found under "Menu -> Reporting -> Queries & Reports"?

If that is the case, that specific query cannot be modified.

However, what you can do is:
01. Duplicate "VSE: Version 8.8 Compliance" query by selecting "Duplicate" on right hand side.
02. Name the your new query, for example, "My VSE compliance".
03. Now you may modify this query by selecting "Edit".
04. When opened, you may select the button "Configure Criteria".
05. Inside you may change any parameter you like.
06. Once done, click "OK" and "Save".
07. Now you may use "My VSE compliance" query instead of built in one "VSE: Version 8.8 Compliance".

I hope this helps.


Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: VSE DAT update alert ePO setting for private datacenter

Hi, @Kenchee_etf !

No, I'm using the "VSE: Current DAT Adoption" dashboard monitor (at screenshot). And the main task is not to change the monitor (or corresponding report query) behaviour, but the 'outdated DAT' alarm event parametrization. The mentioned DAT monitor (at the first glance) seems appeared based on same parameters, because the list of alert reporting system looks very close to list of DAT incompliant systems (indeed, I'm not able to check both lists line by line, but strict correlation is highly possible). I used it as illustration.

The desired goal is no 'outdated DAT' alert at endpoints, until the DAT will be older than _%parameter%_ days .

Kenchee_etf
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: VSE DAT update alert ePO setting for private datacenter

Hello @polezhaevdmi 

"VSE: Current DAT Adoption" query is similar to the one mentioned above and can be modified the same way like "VSE: Version 8.8 Compliance".

Major difference between them is that "VSE: Current DAT Adoption" is making compliance comparison with DAT version your ePO has, that doesn't have to be the latest one available aka it compares if DAT on machine is within X versions comparing to the one in your ePO repository.

Now when we are talking about alerting user itself on Windows machine done by Windows System Action Center (tray icon and pop-ups), ePO and VSE extension cannot control those alerts and, my apology I missed first screenshot, "Alert Manager" you have listed there is nothing related to Windows OS and their alerts.

Also, "Alert Manager" is old product that was EOL for many years now. So long that it's not even listed on the McAfee EOL site.

How to configure Windows System Action Center (tray icon and pop-ups) and can it be configured, is question for Microsoft.

I hope this helps.


Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: VSE DAT update alert ePO setting for private datacenter

Hi, @Kenchee_etf!


@Kenchee_etf wrote:

How to configure Windows System Action Center (tray icon and pop-ups) and can it be configured, is question for Microsoft.


From the other hand, am I right in my suspection, the alert is generated by McAfee engine (possibly, after comparing DAT file and actual system time) and further displayed by Windows Action Center?

Re: VSE DAT update alert ePO setting for private datacenter

Tried to ivestigate the possibility of such scheme:

- McAfee Engine reports the latest DAT update date only;

- Windows Action Centre compares the reported date and makes a desision about warning message.

The only configuration points I found till now are the group policy settings at path

"Computer configuration -> Policies ->Administrative templates -> Windows components -> Microsoft Defender Antivirus -> Signature Updates" with names "Define the number of days before virus definitions are considered out of date" and "Define the number of days before spyware definitions are considered out of date". Despite they are the Windows Defender Antivirus settings, it's, theoretically, possible these settings are also used in the case of Windows Antivirus replacement with McAfee. However, the default settings for these parameters, 14 days, are not correlating with actual period of warning appearance.

Kenchee_etf
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: VSE DAT update alert ePO setting for private datacenter

Hello @polezhaevdmi 

You asked:
"From the other hand, am I right in my suspection, the alert is generated by McAfee engine (possibly, after comparing DAT file and actual system time) and further displayed by Windows Action Center?"

We do not control Windows Action Center so those messages are not generated by us. As I mentioned, we don't have any control over Windows Action Center.

Now considering your second comment about GPO configuration, unfortunately I am not expert with GPO and also I do not know what Windows Action Center underneath uses to determine AV status, so how can it be configured if it can be configured in first place is question for Microsoft Support.

I hope this helps.


Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community