I am running ePO 4.0 and VirusScan Enterprise 8.7i, and I have scheduled full scans to run on the weekends. The scans seem to run fine, but they only way I can verify it is by logging on to each individual machine. Is there a way in ePO to determine whether the scan ran or not, and even see the results without having to login to the local machine? I have reports that show me incidents for on-access scans, but I just can't seem to get the results for a full audit scan. Maybe I need a custom query?
The McAfee Agent generates an event for a successful on demand scan, Event ID: "1203: On Demand scan complete (Info)" so you only need to make a query against this event id.
Maybe you need to activate this event under event filtering first (menu->configuration->server settings->event filtering)
You can read this http://community.mcafee.com/message/96527#96527 and this http://community.mcafee.com/thread/21399?start=0&tstart=0 for your problems.
"Currently we do not have a default report that you can run to determine the success/failure of a VSE ODS. This would be a good Feature Modification request if you would like to submit one. In the meantime thier is a way you create such a report:
1. Create a "Scan Completed" tag.
2. Create a report to pull a list of all managed systems.
3. Create a report to pull all 1203 events within the past <however often the ODS scan runs>.
4. Create a server automation task.
a. Have the task run the query from number 2 to pull all systems and clear the "Scan Completed" tag.
b. Have the task run the query from number 3 to pull the 1203 events and apply the "Scan Completed" tag to all systems returned.
b. Schedule the task run after each on demand scan.
5. Create a boolean chart report that shows machines with the "Scan Completed" tag as compliant, and all other machines as non-compliant."