filipk
Message 1 of 5

VSE instant event push to ePO on detection?

Hello,

Is there any way that VSE 880 could send a notification to ePO when a detection is made?

Right now the setting is to send events in intervals of 60 minutes. We would like to keep it that way, but if a detection is made in the meantime, we would want to get a notification almost instantly.

Thank you for your help!

1 Solution

Accepted Solutions
o.morel
Message 2 of 5

Re: VSE instant event push to ePO on detection?

Hello,

A malware detection is a priority event so, by default, it doesn't wait for the next agent-to-server communication to be sent.

You can see your McAfee Agent policy > General > Events on your ePO.

Regards,

4 Replies
filipk
Message 3 of 5

Re: VSE instant event push to ePO on detection?

Hello o.morel,

So it seems the interval for priority event uploading can be set to 1 minute and no less than that?

I guess it will have to do.

Thank you for your answer.

Regards,

Filip

o.morel
Message 4 of 5

Re: VSE instant event push to ePO on detection?

Hi,

Note that there are several aspects to this part of the policy:

  1. Enable priority event forwarding: it's instant!
  2. You can configure the priority level that you want. For a detection, the event ID is 1027 with SEVERITY_MAJOR level (all event IDs for VSE are available at this address: McAfee KnowledgeBase - Complete list of Event IDs for VirusScan Enterprise)
  3. Interval between upload: the interval at which priority event uploads are forwarded to the server after the first upload. Non-priority events (such as those reporting DAT updates) are sent at the next agent-server communication.
  4. And the maximum number of events per upload.

Regards,

filipk
Message 5 of 5

Re: VSE instant event push to ePO on detection?

Thank you for the answers,

As per our testing with the EICAR file and a keygen trojan, the event wasn't forwarded instantly. It was forwarded when the interval between uploads ran out, or when we pushed the events to ePO...
