cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AELSAJOH
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 1 of 7

How to extract information from ePO on VSE or ENS On-Demand scans

One of my customer is looking for the query to extract information from ePO on VSE or ENS On-Demand scans. Do we have any option on this requirement like any SQL Query?

6 Replies

Re: How to extract information from ePO on VSE or ENS On-Demand scans

@AELSAJOH 

I would like you to go through the KB article and let me know if this helps.

KB69428

Venu
AELSAJOH
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 7

Re: How to extract information from ePO on VSE or ENS On-Demand scans

Effectively customer is trying to do is to understand when the weekly On-Demand scan (VSE or ENS based) for each endpoint is scheduled and export that information of ePO (or from the SQL database).    I’m fairly sure that there is no ePO query for this, however I suspect the information is located in one or multiple tables in the SQL database (Customer have no access to the Database so would not to provide SQL commands to their Database Admin Team). Customer have 42 active Client Tasks for VSE/ENS On-Demand scans, however they don’t want to have to go into each one of them to see what are the Tags and scheduled date/time. So basically, just asking for an export from ePO of each endpoint, along with their scheduled On-Demand scan date/time. If we can get additional information included in that report such as OS Type and Domain Name that would also be great.

Re: How to extract information from ePO on VSE or ENS On-Demand scans

@AELSAJOH 

For event ID 1203 -On demand scan completion, in the  table eventsfilterdesc, the description field is:

On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

 

 

Venu
AELSAJOH
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: How to extract information from ePO on VSE or ENS On-Demand scans

Customer already aware of the scan commence and scan complete events.    This doesn’t tell them when the scan is scheduled ( scheduled task for in every endpoints’ s VSE or ENS console).  

tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 7

Re: How to extract information from ePO on VSE or ENS On-Demand scans

Perhaps, create a query based on a time frame ( sample time frame1 day, 1 week so on) and include eventID 1202 & 1203 - Build a server task; including the query, E-Mail result and schedule accordingly.

McAfee managed products generated Event IDs listed in ePolicy Orchestrator - https://kc.mcafee.com/corporate/index?page=content&id=KB54677

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: How to extract information from ePO on VSE or ENS On-Demand scans

The tasks in the database are in several related tables, so it would not be quite as simple as pulling info from one table.  In the epotaskschedulesetitngsmt table, for example, one task may have 11 or 12 rows for each setting name in the task schedule, and you would have to match it with the task Id from other tables, etc.  You can get a basic idea of some time frames from the system tree client task assignment page.

Here is an example from my test server.  If you look at the schedule column, it shows whether it would be daily, weekly, monthly, run immediately, etc.  The start date and time column lists the time it is scheduled to start.  That would not show, however, for a weekly or monthly scan what day of the week it is scheduled to run.

One thing they can do as a best practice is when they create a client task, put in the schedule in the description, as that field can be pulled in a query.

schedules.png

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community