No, it's Windows XP SP3. McAfee VirusScan represents the only security mechanism on the system.

We hide the tray icon, is there a way to trigger that from the command line? This is something I would hope to dodge though as there are about 100 machines with this problem, so first we need to identify owners, then contact details, then catch them when they're online...

Below is what the log said from the ePO wakeup, the client has two IPs because it's on VPN.

2011-02-03 08:33:04 I #5896 LstnSvr CAsyncSocket::DoAccept for event: FD_ACCEPT

2011-02-03 08:33:04 E #3860 SpiPkgr Error trace:

2011-02-03 08:33:04 E #3860 SpiPkgr [Parse SPIPE package of size 368]->

2011-02-03 08:33:04 E #3860 SpiPkgr   VerifySign error -2147483640

2011-02-03 08:33:04 I #3860 LstnSvr Unable to read from the package buffer, GetlastError: 2

2011-02-03 08:33:04 I #3860 LstnSvr Bytes received from wakeup call : 368

2011-02-03 08:33:04 I #5896 LstnSvr CAsyncSocket::DoAccept for event: FD_ACCEPT

2011-02-03 08:33:04 I #4352 Agent Started processing a package..

2011-02-03 08:33:04 i #4352 Agent Agent wakeup call received

2011-02-03 08:33:04 i #4352 Agent Agent wakeup call for FULL PROPS received

2011-02-03 08:33:04 i #4316 Agent Agent started performing ASCI

2011-02-03 08:33:04 I #4316 Agent Collecting Properties

2011-02-03 08:33:04 I #4316 Agent Collecting IP address using Internet Manager

2011-02-03 08:33:04 I #4316 imsite Found site name=McAfeeHttp

2011-02-03 08:33:04 I #4316 imsite Found site name=Site1

2011-02-03 08:33:04 I #4316 imsite Found site name=Site2

2011-02-03 08:33:04 I #4316 imsite Found site name=Site3

2011-02-03 08:33:04 I #4316 imsite Found site name=Site4

2011-02-03 08:33:04 I #4316 imsite Found site name=Site5

2011-02-03 08:33:04 I #4316 imsite Found site name=Site6

2011-02-03 08:33:04 I #4316 imsite Found site name=Site7

2011-02-03 08:33:04 I #4316 imsite Found site name=Site8

2011-02-03 08:33:04 I #4316 imsite Found site name=ePO_Server

2011-02-03 08:33:10 E #4316 imsite Error trace:

2011-02-03 08:33:10 E #4316 persite [source site list,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml]->

2011-02-03 08:33:10 E #4316 imsite [calculate subnet distance,McAfeeHttp]->

2011-02-03 08:33:10 E #4316 imsite   gethostbyname (update.nai.com) failed

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->Site1/100.100.14.247=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->Site1/100.100.14.247=32

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->Site2/100.100.20.21=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->Site2/100.100.20.21=32

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->Site3/100.100.38.216=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->Site3/100.100.38.216=32

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->Site4/100.100.21.150=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->Site4/100.100.21.150=32

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->Site5/100.100.23.239=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->Site5/100.100.23.239=32

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->Site6/100.100.18.10=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->Site6/100.100.18.10=32

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->Site7/100.100.27.14=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->Site7/100.100.27.14=32

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->Site8/100.100.12.85=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->Site8/100.100.12.85=32

2011-02-03 08:33:10 I #4316 imsite subnet dist 0:ClientComputer/100.100.144.67->ePO_Server.domain.co.uk/100.100.0.248=20

2011-02-03 08:33:10 I #4316 imsite subnet dist 1:ClientComputer/192.168.1.33->ePO_Server.domain.co.uk/100.100.0.248=32

2011-02-03 08:33:10 I #4316 persite site McAfeeHttp order=65534 (fallback or mirror)

2011-02-03 08:33:10 I #4316 naInet UNC Session initialized

2011-02-03 08:33:10 E #4316 bldtrob Error trace:

2011-02-03 08:33:10 E #4316 persite [source site list,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml]->

2011-02-03 08:33:10 E #4316 imsite [ImSiteImpl::ping()]->

2011-02-03 08:33:10 E #4316 imsite [checkBuildTransferObject]->

2011-02-03 08:33:10 E #4316 bldtrob [inetmgr::CreateTransferItfFromProperties()]->

2011-02-03 08:33:10 E #4316 bldtrob   Failed >> Setting naInet transfer option DomainName =

2011-02-03 08:33:10 I #4316 imsite Pinging site = Site1

2011-02-03 08:33:10 I #4316 imsite server = Site1

2011-02-03 08:33:13 I #4316 imsite Delay = 52 (in millisecs)

2011-02-03 08:33:13 I #4316 persite site Site1 order=52 (by ping delay test)

2011-02-03 08:33:13 I #4316 naInet UNC Session initialized

2011-02-03 08:33:13 E #4316 bldtrob Error trace:

2011-02-03 08:33:13 E #4316 persite [source site list,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml]->

2011-02-03 08:33:13 E #4316 imsite [ImSiteImpl::ping()]->

2011-02-03 08:33:13 E #4316 imsite [checkBuildTransferObject]->

2011-02-03 08:33:13 E #4316 bldtrob [inetmgr::CreateTransferItfFromProperties()]->

2011-02-03 08:33:13 E #4316 bldtrob   Failed >> Setting naInet transfer option DomainName =

2011-02-03 08:33:13 I #4316 imsite Pinging site = Site2

2011-02-03 08:33:13 I #4316 imsite server = Site2

2011-02-03 08:33:17 I #4316 imsite Delay = 46 (in millisecs)

2011-02-03 08:33:17 I #4316 persite site Site2 order=46 (by ping delay test)

2011-02-03 08:33:17 I #4316 naInet UNC Session initialized

2011-02-03 08:33:17 E #4316 bldtrob Error trace:

2011-02-03 08:33:17 E #4316 persite [source site list,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml]->

2011-02-03 08:33:17 E #4316 imsite [ImSiteImpl::ping()]->

2011-02-03 08:33:17 E #4316 imsite [checkBuildTransferObject]->

2011-02-03 08:33:17 E #4316 bldtrob [inetmgr::CreateTransferItfFromProperties()]->

2011-02-03 08:33:17 E #4316 bldtrob   Failed >> Setting naInet transfer option DomainName =

2011-02-03 08:33:17 I #4316 imsite Pinging site = Site3

2011-02-03 08:33:17 I #4316 imsite server = Site3

2011-02-03 08:33:20 I #4316 imsite Delay = 47 (in millisecs)

2011-02-03 08:33:20 I #4316 persite site Site3 order=47 (by ping delay test)

2011-02-03 08:33:20 I #4316 naInet UNC Session initialized

2011-02-03 08:33:20 E #4316 bldtrob Error trace:

2011-02-03 08:33:20 E #4316 persite [source site list,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml]->

2011-02-03 08:33:20 E #4316 imsite [ImSiteImpl::ping()]->

2011-02-03 08:33:20 E #4316 imsite [checkBuildTransferObject]->

2011-02-03 08:33:20 E #4316 bldtrob [inetmgr::CreateTransferItfFromProperties()]->

2011-02-03 08:33:20 E #4316 bldtrob   Failed >> Setting naInet transfer option DomainName =

2011-02-03 08:33:20 I #4316 imsite Pinging site = Site4

2011-02-03 08:33:20 I #4316 imsite server = Site4

2011-02-03 08:33:24 I #4316 imsite Delay = 489 (in millisecs)

2011-02-03 08:33:24 I #4316 persite site Site4 order=489 (by ping delay test)

2011-02-03 08:33:24 I #4316 naInet UNC Session initialized

2011-02-03 08:33:24 E #4316 bldtrob Error trace:

2011-02-03 08:33:24 E #4316 persite [source site list,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\SiteList.xml]->

2011-02-03 08:33:24 E #4316 imsite [ImSiteImpl::ping()]->

2011-02-03 08:33:24 E #4316 imsite [checkBuildTransferObject]->

2011-02-03 08:33:24 E #4316 bldtrob [inetmgr::CreateTransferItfFromProperties()]->

2011-02-03 08:33:24 E #4316 bldtrob   Failed >> Setting naInet transfer option DomainName =

2011-02-03 08:33:24 I #4316 imsite Pinging site = Site5

2011-02-03 08:33:24 I #4316 imsite server = Site5

2011-02-03 08:33:27 I #4316 imsite Delay = 52 (in millisecs)

2011-02-03 08:33:27 I #4316 persite site Site5 order=52 (by ping delay test)

2011-02-03 08:33:27 I #4316 persite site Site6 order=65534 (not in top 5 sites by subnet distance)

2011-02-03 08:33:27 I #4316 persite site Site7 order=65534 (not in top 5 sites by subnet distance)

2011-02-03 08:33:27 I #4316 persite site Site8 order=65534 (not in top 5 sites by subnet distance)

2011-02-03 08:33:27 I #4316 persite site ePO_Server order=65534 (not in top 5 sites by subnet distance)

2011-02-03 08:33:27 I #4316 naInet HTTP Session initialized

2011-02-03 08:33:27 I #4316 imsite Connecting to server: 100.100.0.248 on port: 81

2011-02-03 08:33:27 I #4316 naInet HTTP Session closed

2011-02-03 08:33:27 I #4316 Manage Collecting Properties

2011-02-03 08:33:27 i #4316 Manage Collecting Properties

2011-02-03 08:33:29 I #4316 Agent Agent is sending FULL PROPERTIES

2011-02-03 08:33:29 I #4316 Agent Forwarding all events

2011-02-03 08:33:29 I #4316 Agent Forward all events request received

2011-02-03 08:33:29 I #4352 Agent Started processing a package..

2011-02-03 08:33:29 I #4352 Agent Preparing Props Package

2011-02-03 08:33:29 I #5868 Agent Agent event wakeup, processing events

2011-02-03 08:33:29 i #5868 Agent Agent is looking for events to upload

2011-02-03 08:33:29 I #5868 Agent Agent did not find any events to upload

2011-02-03 08:33:29 I #5868 Agent Agent did not find any events to upload

2011-02-03 08:33:29 I #5868 Agent Agent did not find any events to upload

2011-02-03 08:33:29 I #5868 Agent Agent did not find any events to upload

2011-02-03 08:33:29 I #5868 Agent Agent did not find any events to upload

2011-02-03 08:33:29 I #4352 SpiPkgr Using sequence number 4130

2011-02-03 08:33:29 i #4352 Agent Agent communication session started

2011-02-03 08:33:29 i #4352 Agent Agent is sending FULL PROPS package ePO server

2011-02-03 08:33:29 i #4352 Agent Agent is connecting to ePO server

2011-02-03 08:33:29 I #4352 naInet HTTP Session initialized

2011-02-03 08:33:29 I #4352 imsite Upload from: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129411956095210000_6405.spkg

2011-02-03 08:33:29 I #4352 imsite Upload response target: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129411956098800000_10403.spkg

2011-02-03 08:33:29 I #4352 naInet Uploading file C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129411956095210000_6405.spkg to ePO Server...

2011-02-03 08:33:29 I #4352 naInet Connecting to Real Server: 100.100.0.248 on port: 81

2011-02-03 08:33:29 I #4352 naInet Connected to ePO Server: 100.100.0.248

2011-02-03 08:33:29 I #4352 naInet Uploading SPIPE HTTP header

2011-02-03 08:33:29 I #4352 naInet Uploading data in bytes: 4086

2011-02-03 08:33:29 I #4352 naInet Reading acknowledgement from ePO Server

2011-02-03 08:33:30 I #4352 naInet Authentication successful: HTTP/1.1 200 OK

2011-02-03 08:33:30 I #4352 naInet

2011-02-03 08:33:30 I #4352 naInet Received response [200 OK] from ePO Server

2011-02-03 08:33:30 I #4352 naInet Receiving a package ePO Server

2011-02-03 08:33:30 I #4352 naInet Uploaded file : C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129411956095210000_6405.spkg to Server successfully

2011-02-03 08:33:30 I #4352 naInet HTTP Session closed

2011-02-03 08:33:30 i #4352 Agent Package uploaded to ePO Server successfully

2011-02-03 08:33:30 i #4352 Agent Agent communication session closed

2011-02-03 08:33:30 i #4352 Agent Agent received REQUEST PUBLIC KEY package from ePO server

2011-02-03 08:33:30 I #4352 Agent Started processing a package..

2011-02-03 08:33:30 I #4352 Manage Collecting Properties

2011-02-03 08:33:30 I #4352 Manage CEnforceProperties::LoadPropFiles() - Properties file not found, creating new

2011-02-03 08:33:30 i #4352 Manage Collecting Properties

2011-02-03 08:33:31 I #4352 Agent Preparing Agent Key Package

2011-02-03 08:33:31 I #4352 Agent Getting IP address for public key from Internet Manager

2011-02-03 08:33:31 I #4352 naInet HTTP Session initialized

2011-02-03 08:33:31 I #4352 imsite Connecting to server: 100.100.0.248 on port: 81

2011-02-03 08:33:31 I #4352 naInet HTTP Session closed

2011-02-03 08:33:31 I #4352 SpiPkgr Using sequence number 4131

2011-02-03 08:33:31 i #4352 Agent Agent communication session started

2011-02-03 08:33:31 I #4352 Agent Package type is AgentPubKey

2011-02-03 08:33:31 i #4352 Agent Agent is connecting to ePO server

2011-02-03 08:33:31 I #4352 naInet HTTP Session initialized

2011-02-03 08:33:31 I #4352 imsite Upload from: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129411956102860000_587.spkg

2011-02-03 08:33:31 I #4352 imsite Upload response target: C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129411956115050000_22401.spkg

2011-02-03 08:33:31 I #4352 naInet Uploading file C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129411956102860000_587.spkg to ePO Server...

2011-02-03 08:33:31 I #4352 naInet Connecting to Real Server: 100.100.0.248 on port: 81

2011-02-03 08:33:31 I #4352 naInet Connected to ePO Server: 100.100.0.248

2011-02-03 08:33:31 I #4352 naInet Uploading SPIPE HTTP header

2011-02-03 08:33:31 I #4352 naInet Uploading data in bytes: 4710

2011-02-03 08:33:31 I #4352 naInet Reading acknowledgement from ePO Server

2011-02-03 08:33:33 I #4352 naInet No package to receive from ePO Server, HTTP return code: HTTP/1.1 202 OK

2011-02-03 08:33:33 I #4352 naInet

2011-02-03 08:33:33 I #4352 naInet Received response [202 OK] from ePO Server

2011-02-03 08:33:33 I #4352 naihttp client:no package to receive

2011-02-03 08:33:33 I #4352 naInet Uploaded file : C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129411956102860000_587.spkg to Server successfully

2011-02-03 08:33:33 I #4352 imsite NaInet library returned code == 13

2011-02-03 08:33:33 I #4352 naInet HTTP Session closed

2011-02-03 08:33:33 i #4352 Agent No package received from ePO Server

2011-02-03 08:33:33 i #4352 Agent Agent communication session closed

running the local copy of cmdagent.exe with /s will bring up the agent gui normally, dont know if this will work without agent icons turned on.

Which one of these is wake-up (or equivalent):

Collect and Send Props

Send Events

Check New Policies

Enforce Policies

I tested this out on one of the machines and Collect and Send Props seems to do the trick and indeed your solution works.

As a first step I'm going to try removing all the unmanaged machines (they're synched in from AD) and see if they add themselves during the communications they appear to be carrying out.

you can force them all to talk back by using psexec in a batch file to run the local file like this:

psexec @textfile with list of ip or hostnames.txt -u %your domain%\%an admin user from your domain% "c:\Program Files\McAfee\Common Framework\cmdagent.exe" /p /e /c

pause

you just have psexec and the txt file in the same folder as the batch file (or psexec in path)

path to cmdagent may vary depending on how you set it up a 0 response is what you want from each machine