filipk
Level 7
Message 1 of 5

VSE instant event push to ePO on detection?


Hello,

Is there any way that VSE 880 could send a notification to ePO when a detection is made?

Right now the setting is to send events at intervals of 60 minutes. We would like to keep it that way, but if a detection is made in the meantime, we would want to get a notification almost instantly.

Thank you for your help!

1 Solution

Accepted Solutions

Re: VSE instant event push to ePO on detection?


Hello,

A malware detection is a priority event, so by default it doesn't wait for the next agent-to-server communication to be sent.

You can see your McAfee Agent policy > General > Events on your ePO.

Regards,

4 Replies

filipk
Level 7
Message 3 of 5

Re: VSE instant event push to ePO on detection?


Hello o.morel,

So it seems the interval for priority event uploading can be set to 1 minute and no less than that?

I guess it will have to do.

Thank you for your answer.

Regards,

Filip

Re: VSE instant event push to ePO on detection?


Hi,

Attention, there are several aspects to this part of the policy:

  1. Enable priority event forwarding: it's instant!
  2. You can configure the priority level that you want. For a detection, the event ID is 1027 with SEVERITY_MAJOR level (all event IDs for VSE are available at this address: McAfee KnowledgeBase - Complete list of Event IDs for VirusScan Enterprise)
  3. Interval between upload: the interval at which priority event uploads are forwarded to the server after the first upload. Non-priority events (such as those reporting DAT updates) are sent at the next agent-server communication.
  4. And the maximum number of events per upload.

Regards,

filipk
Level 7
Message 5 of 5

Re: VSE instant event push to ePO on detection?


Thank you for the answers.

As per our testing with an EICAR file and a keygen trojan, the event wasn't forwarded instantly. It was forwarded when the interval between uploads ran out, or we pushed the events to ePO...