cancel
Showing results for 
Search instead for 
Did you mean: 
filipk
Level 9
Report Inappropriate Content
Message 1 of 5

VSE instant event push to ePO on detection?

Jump to solution

Hello,

Is there any way that VSE 880 could send notification to ePo when a detection is made?

Right now the setting is to send events in intervals of 60 minutes, we would like to keep it that way, but if a detection is made in the meantime we would want to get a notification almost instantly.

Thank you for your help!

1 Solution

Accepted Solutions
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 5

Re: VSE instant event push to ePO on detection?

Jump to solution

Hello,

A malware detection is a priority event so, by default, this doesn't wait the next agent-to-server communication to be sent.

You can see your McAfee Agent policy > General > Events on your ePO.

Regards,

View solution in original post

4 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 5

Re: VSE instant event push to ePO on detection?

Jump to solution

Hello,

A malware detection is a priority event so, by default, this doesn't wait the next agent-to-server communication to be sent.

You can see your McAfee Agent policy > General > Events on your ePO.

Regards,

View solution in original post

Highlighted
filipk
Level 9
Report Inappropriate Content
Message 3 of 5

Re: VSE instant event push to ePO on detection?

Jump to solution

Hello o.morel,

So it seems the interval for priority event uploading can be set to 1 minute and no less than that?

I guess it will have to do.

Thank you for your answer.

Regards,

Filip

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 5

Re: VSE instant event push to ePO on detection?

Jump to solution

Hi,

Attention, there are several aspects on this part of policy:

  1. Enable priority event forwarding: it's instant!
  2. You can configure the priority level that you want. For a detection, event ID is 1027 with SEVERITY_MAJOR level (all events ID for VSE are available at this adresse: McAfee KnowledgeBase - Complete list of Event IDs for VirusScan Enterprise)
  3. Interval between upload: the interval at which priority event uploads are forwarded to the server after the first upload. Non-priority events (such as those reporting DAT updates) are sent at the next agent-server communication.
  4. And the maximum number of events per upload.

Regards,

filipk
Level 9
Report Inappropriate Content
Message 5 of 5

Re: VSE instant event push to ePO on detection?

Jump to solution

Thank you for the answers,

As per our testing with EICAR file and a keygen trojan, event wasnt forwarded instantly. It was forwarded when the interval between upload ran out, or we pushed the events to ePo...

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community