I'm looking at the McAfee best practices for DAT deployment on my workstations. I asked the question to McAfee and their recommendation is to schedule a task at 3pm and another one at the user "logon". I'm wondering if it would be better to have only one task at 3pm with the option to repeat every hours.
I'm not sure if it make sense and I would like to have your feedback.
You want to have one at login as well, I set the policy to run the update 10-15 minutes after the user logs in. This catches folks who have been out of the office or left their system turned off. I also have a policy set for the system to call home to ePO if it hasn't communicated in 24 hours.
You should have an emergency DAT distribution set up, but disabled. I've used it once in five years, and the bad DAT detection caught most of the bad DATS.
Thank you very much for your recommendation. I will definitely add a validation at login like you did. I'm sorry but I'm not sure to understand your comment on "The system to call home to ePO" ? Can you explain more in details.
Have a great day.
You can set a parameter for the Agent to call into the ePO server if it hasn't communicated with the server within a certain period of time. This way it gets any changed policies, new or updated client tasks, or other changed ePO parameters. I use 24 hours, others may use longer or shorter time periods as their situation permits or requires.
You can set it up for 3pm but keep in mind daily DATs are released slightly after 4pm. That means your clients are nearly 1 day behind. Many people choose to delay DAT updates by 1 day for servers but workstations get update right away or just few hours after they are released. This can be done in two ways. One is simply configuring policies to use "previous" branch for dat update OR time the scheduled task cleverly. Also since DATs are released once a day, deploying it every hour can cause unnecessary bandwidth usage. Scheduling requires understanding of your environment. Are systems shut down at the end of the day? What's the earliest hour users start using their systems? How can you target and achieve the maximum systems? You may consider different schedule for different office locations.
Some good FYI materials:
Also, depending on the environment - you may consider the option for "
It seems that my issue is for some computers only, they don't pull the DAT update. At this time, I have two client tasks assigned, one in the morning at 7ham and the other one at the evening at 9pm. This has been configured by someone else. I would like to change these schedules because they are not optimal. (even with the option "Run missed task 10 minute delay". I think that this option doesn't work sometimes. I've taken a look at few computers in the agent log and can't see any entry about the DAT validation after this 10 minutes. (computers with the issue of course)
The majority of the systems are not shut down at the end of the day. We have a lot of laptop traveling from home to the office. Those laptops use the VPN to connect on the business network remotely so they have access to the ePO server all the time.
Our users starts working around 9h am to 5h pm. The randomization is a good option and I will use it in the new schedule. Yes, the idea to run a query for the workstation online and not up to date every hour is too extensive. If my new schedules works fine, I think I won't need it anymore.
Thanks again guys.
I have used the following task with much success:
Schedule type: Daily
Start time: 12AM
Run at that time, and then repeat until: 11:59PM
During repeat, start task every: 1hr
Enable randomization: 1hr
Run missed task: 5 minutes
Also, under CMA/General Policy - Agent-server communication: Initiate agent-to-server communication within 10 minutes after startup if policies are older than (days): 1 and enable Retrieve all system and product properties (recommended). If unchecked retrieve only a subset of properties.