cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

What will be the proper figure to show? McAfee AV report

Jump to solution

I was task to create a report on our McAfee Antivirus.  I have generated a report pertaining to threats/ Malware handled by McAfee for the past 3 months and its summing up only to tens to less than a  hundred incidents. Which I think is good.  I came across a report in McAfee that shows threats handled automatically and it sums up to 47 million... which was highly declined by my manager.  my question is ... if they are looking for Number of AV reported for the past 3 months? Am I safe to say my first statement? ( close to a hundred)  I am confused and that I might be providing an incorrect figure on the report most specially it is for accreditation? please advice.   

using McAfee ePO 5.3.2 

For 47M automatically threat handled its just a huge number? 

1 Solution

Accepted Solutions
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: What will be the proper figure to show? McAfee AV report

Jump to solution

The queries that are built into ePO are great. But, the net is way too wide to be a practical report to show to management. You are going to have to duplicate one of these default queries and apply some filters to get down to what you are most interested in and something that appears reasonable.

Take a look at a couple of these built-in queries:

 
"Threat Event Descriptions in the Last 24 Hours"
"Most Numerous Threat Event Descriptions"
Then copy, and filter out the stuff like "Invalid calls", and stuff that has nothing to do with detections, like scan starts and stops, etc. 
Of course, you will also want to change the time frame. I also like to add the event ID column to my queries, as I can use it in subsequent filtering.
Once you get a query that looks reasonable, you can add it to a PDF report, or just leave it as a query and have it emailed automatically every quarter., or whatever the chosen interval is.
Personally, I have a report that goes out monthly. I have a couple of different queries and graphs in it. I like to show the top detections, the top offenders (systems), The top offenders (users) as well as all Artemis, and trojan detections. So, there really is no hard and fast rule. You just have to spend a little time configuring a report that works for your organization.
Cheers!
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

2 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: What will be the proper figure to show? McAfee AV report

Jump to solution

The queries that are built into ePO are great. But, the net is way too wide to be a practical report to show to management. You are going to have to duplicate one of these default queries and apply some filters to get down to what you are most interested in and something that appears reasonable.

Take a look at a couple of these built-in queries:

 
"Threat Event Descriptions in the Last 24 Hours"
"Most Numerous Threat Event Descriptions"
Then copy, and filter out the stuff like "Invalid calls", and stuff that has nothing to do with detections, like scan starts and stops, etc. 
Of course, you will also want to change the time frame. I also like to add the event ID column to my queries, as I can use it in subsequent filtering.
Once you get a query that looks reasonable, you can add it to a PDF report, or just leave it as a query and have it emailed automatically every quarter., or whatever the chosen interval is.
Personally, I have a report that goes out monthly. I have a couple of different queries and graphs in it. I like to show the top detections, the top offenders (systems), The top offenders (users) as well as all Artemis, and trojan detections. So, there really is no hard and fast rule. You just have to spend a little time configuring a report that works for your organization.
Cheers!
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

Highlighted

Re: What will be the proper figure to show? McAfee AV report

Jump to solution

Many Thanks , 

I just need to understand each filter and what it does to categories my scan and results.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community