cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 2

Automated Responses for progress reporting of On-Demand Scan tasks

Hello,

I have seen the following scenario in a production environment running ePO 5.1 with McAfee Agent 4.8 and VirusScan Enterprise 8.8. However I have not been able to reproduce it successfully. Please leave your advice on the steps I have taken and what steps you would recommend to result in the scenario outlined below.

Scenario:

There are three different types of scans with differing schedules assigned as client tasks. When these scans are scheduled (task added to the scheduler list on the endpoint) they have a tag applied.

ODS: Memory Scan Scheduled.


When the scan starts, completes or is cancelled the previous tag is removed and the appropriate tag is applied (I assume this is done using automatic responses).
Queries are then used to report back how many endpoints are at each stage of each scan.

My attempt to reproduce:

I have configured 3 Client Task Assignments for different On-Demand Scan tasks, these are scheduled as stated below:

Full System Scan - scheduled monthly for the first Friday of every month: 10am with 5 hour randomization window.

Targeted Scan – scheduled weekly every Thursday: 10am with 5 hour randomization window.

Memory Scan – scheduled daily: 9am with a 6 hour randomization window.

I have then configured four tags for each scan task:

ODS: Memory Scan Scheduled
ODS: Memory Scan Started
ODS: Memory Scan Completed
ODS: Memory Scan Cancelled


ODS: Targeted Scan Scheduled
ODS: Targeted Scan Started
ODS: Targeted Scan Completed
ODS: Targeted Scan Cancelled


ODS: Full System Scan Scheduled
ODS: Full System Scan Started
ODS: Full System Scan Completed
ODS: Full System Scan Cancelled


Where I am stuck!

How can I use Automatic Responses to apply the tags to machines as they step through the stages of the assigned client tasks? I’m assuming this also correlate to Event ID somehow?

Event ID: 1202 – ODS started
Event ID: 1203 – ODS completed


However I have not found the Event ID’s for scheduled and cancelled.
My other concern with using Event ID’s is how can they differentiate between the 3 different types of ODS scan that are scheduled? Surely if I use just Event ID’s a query could return the results:


Full Scan Completed in 30 seconds when actually it was a Memory Scan?

Once I have the automatic responses configured to apply the tags, I can use queries to report on systems that have these tags and therefore what stage of each scheduled client task they have reached and if any have failed.

Thanks in advance for any help!

George

1 Reply

Re: Automated Responses for progress reporting of On-Demand Scan tasks

Moved to ePO for hopefully a faster response.

-=--

Peter

Moderator

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community