cancel
Showing results for 
Search instead for 
Did you mean: 

VirusScan Enterprise 8.7i - verify managed full scan ran

I am running ePO 4.0 and VirusScan Enterprise 8.7i, and I have scheduled full scans to run on the weekends.  The scans seem to run fine, but they only way I can verify it is by logging on to each individual machine.  Is there a way in ePO to determine whether the scan ran or not, and even see the results without having to login to the local machine?  I have reports that show me incidents for on-access scans, but I just can't seem to get the results for a full audit scan.  Maybe I need a custom query?

4 Replies
akl71
Level 10
Report Inappropriate Content
Message 2 of 5

Re: VirusScan Enterprise 8.7i - verify managed full scan ran

The McAfee Agent generates an event for a successful on demand scan, Event ID: "1203: On Demand scan complete (Info)" so you only need to make a query against this event id.

Maybe you need to activate this event under event filtering first (menu->configuration->server settings->event filtering)

Re: VirusScan Enterprise 8.7i - verify managed full scan ran

Is this an ePO event, or is this event logged to one of the Windows Event logs (Application, I would assume)?

Re: VirusScan Enterprise 8.7i - verify managed full scan ran

Re: VirusScan Enterprise 8.7i - verify managed full scan ran

Thank you smalldog. This post by Jeremy Stanley in this thread (http://community.mcafee.com/message/96527#96527) was very helpful:

"Currently we do not have a default  report that you can run to determine the success/failure of a VSE ODS.  This would be a good Feature Modification request if you would like to  submit one. In the meantime thier is a way you create such a report:

1.  Create a "Scan Completed" tag.
2.   Create a report to pull a list of all managed systems.
3.  Create a  report to pull all 1203 events within the past <however often the ODS  scan runs>.
4.  Create a server automation task.
        a.   Have the task run the query from number 2 to pull all systems and clear  the "Scan Completed" tag.
        b.  Have the task run the query  from number 3 to pull the 1203 events and apply the "Scan Completed" tag  to all systems returned.
        b.  Schedule the task run after  each on demand scan.
5.  Create a boolean chart report that shows  machines with the "Scan Completed" tag as compliant, and all other  machines as non-compliant."