
Why doesn't the last communication field update in the VSE: Detection Response Summary work?

Team

I have been tracking about eight (8) systems that were reported as having infected files that McAfee could not handle. Some of the systems were re-imaged and added back to the network. I verified that they were back on the network. In the VSE: Detection Response Summary, it still shows that the system is still there with a very old "Last Communication" date and time.

How is data in this query and others updated so that, as systems get remediated and added back to the network, we don't succumb to false reporting?

Is there a refresh procedure or something that will allow systems that are remediated to fall off the queries and report (VSE: Detection Response Summary -- not handled)?

Thanks

Jawsajr

4 Replies

Re: Why doesn't the last communication field update in the VSE: Detection Response Summary work?

It will show as it was reported on previous days, since the query takes its data from the DB. Better to purge that machine's threat event log through an ePO server task.

  1. Create a Threat Events query where, under the Filter tab, you define that machine's events only.
  2. Now navigate to ePO server tasks and give the action below, as per the screenshot.
    ScreenShot_ 07.23 04-Mar-15.jpg
  3. Once the server task is created, manually run the task. It will delete all the records for that particular machine. Refer to the example server task log below.
    ScreenShot_ 07.22 04-Mar-15.jpg
  4. Once done, that machine will not appear again in the threat detection report.

Re: Why doesn't the last communication field update in the VSE: Detection Response Summary work?

Thanks

Re: Why doesn't the last communication field update in the VSE: Detection Response Summary work?

"with a very old 'Last Communication' date and time" leads me to believe you also now have two systems/objects in ePO (one old/infected and one new/reimaged). If you're not cleaning up duplicates, you will probably want to delete the old system from ePO, especially if you are monitoring things like DAT compliance. There is a pre-defined query called Duplicate System Names to make it easier to find.
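The two clean-up steps discussed in this thread (find the duplicate system objects left behind by a re-image and keep only the one that has communicated most recently, then identify the "not handled" threat events that belong to the stale object so they can be purged) can be checked offline against an export before anything is deleted in the console. The script below is an added example, not code from the thread or from McAfee; the CSV column names (`system_name`, `agent_guid`, `last_communication`, `detected`, `action`) and the sample rows are constructed for illustration and are not ePO's real export schema.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample of a systems export. Column names are an assumption,
# not ePO's actual schema. WS-0142 and WS-0198 were re-imaged, so each has
# an old object (last seen in January) and a new one (last seen in March).
SYSTEMS_CSV = """system_name,agent_guid,last_communication
WS-0142,guid-old-a1,2015-01-12 08:15:00
WS-0142,guid-new-b2,2015-03-03 17:42:00
WS-0198,guid-old-c3,2015-01-20 09:00:00
WS-0198,guid-new-d4,2015-03-04 06:58:00
SRV-DB01,guid-e5,2015-03-04 07:10:00
"""

# Constructed sample of a threat events export (same caveat on column names).
EVENTS_CSV = """agent_guid,detected,threat_name,action
guid-old-a1,2015-01-11 22:03:00,Generic.dx,not handled
guid-new-b2,2015-03-03 17:40:00,Generic.dx,deleted
guid-old-c3,2015-01-19 14:12:00,Artemis!ABC,not handled
guid-e5,2015-03-02 11:00:00,EICAR test file,deleted
"""

TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_csv(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(StringIO(text)))


def find_duplicates(systems):
    """Group system rows by name; return only names with more than one object.

    This mirrors what the Duplicate System Names query surfaces in the console.
    """
    by_name = defaultdict(list)
    for row in systems:
        by_name[row["system_name"]].append(row)
    return {name: rows for name, rows in by_name.items() if len(rows) > 1}


def stale_duplicates(systems):
    """Return the agent GUIDs of duplicate objects that are NOT the most
    recently communicating one for their system name.

    Keeping the newest object and flagging the rest is the safe default:
    the newest object is the re-imaged machine that is actually on the network.
    """
    stale = set()
    for name, rows in find_duplicates(systems).items():
        newest = max(rows, key=lambda r: datetime.strptime(r["last_communication"], TS_FMT))
        stale.update(r["agent_guid"] for r in rows if r is not newest)
    return stale


def events_to_purge(events, stale_guids):
    """Select threat events that belong to stale (about-to-be-deleted) objects.

    These are the rows the server task in the earlier reply would remove; once
    they are gone the Detection Response Summary stops reporting the old object.
    """
    return [e for e in events if e["agent_guid"] in stale_guids]


def unhandled_on_live_systems(events, stale_guids):
    """Events still marked 'not handled' on objects that are NOT stale.

    Anything returned here is a real outstanding infection, not reporting noise,
    so it must not be purged along with the stale duplicates.
    """
    return [e for e in events
            if e["agent_guid"] not in stale_guids and e["action"] == "not handled"]


if __name__ == "__main__":
    systems = parse_csv(SYSTEMS_CSV)
    events = parse_csv(EVENTS_CSV)
    stale = stale_duplicates(systems)
    print("duplicate names:", sorted(find_duplicates(systems)))
    print("stale objects to delete:", sorted(stale))
    for e in events_to_purge(events, stale):
        print("purge event:", e["agent_guid"], e["detected"], e["threat_name"])
    print("still-open detections on live systems:", unhandled_on_live_systems(events, stale))
```

Run it against the constructed data and it flags `guid-old-a1` and `guid-old-c3` as the stale objects, lists their two "not handled" events as the ones the purge task should remove, and reports no open detections on the live objects; the last check is the one worth keeping, since deleting events indiscriminately would also hide a genuine unresolved infection.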

Re: Why doesn't the last communication field update in the VSE: Detection Response Summary work?

Eric

That was one of the other things that we found as we did more research. Once we deleted the duplicates, there were quite a few things that went away. The Duplicate System Names and I are best friends.

Thanks