cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mkazi
Level 11
Report Inappropriate Content
Message 1 of 12

Non Compliant Devices

In my environment looks like more than 2000 devices are showing Non Compliant, Wat would be the easiest way to find out what are the reasons and how to solve it ?

11 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 12

Re: Non Compliant Devices

Hello @mkazi 

Thanks for your post.

I would like to request you to please refer the below link:

https://kc.mcafee.com/corporate/index?page=content&id=KB93232&locale=en_US

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 12

Re: Non Compliant Devices

You have to look at exactly what is out of compliance.  If it is content, then you can look at this to see why updates might be failing.  If it is product versions, you would need to deploy latest versions.

https://community.mcafee.com/t5/ePolicy-Orchestrator-ePO/SOLVED-HOW-TO-TROUBLESHOOT-CLIENT-UPDATE-DE...

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mkazi
Level 11
Report Inappropriate Content
Message 4 of 12

Re: Non Compliant Devices

Actually when i ran the "Agent Communication summary" I can see these devices are not compliance. IT's the default report i ran and the criteria : (Last Communication is within 1 Days and Product Version (Agent) Greater than or equals "1") . What is that (Agent) greater than or equals "1" means ?

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 12

Re: Non Compliant Devices

Duplicate the query that it is running so you can edit and view settings.  Edit the query and on the first page for configuring compliance criteria, click on that to view what it defines as compliant or not.  You can edit the agent version to be whatever you want as minimum requirement for compliance.  

Otherwise, if they are out of compliance for communication, you would need to look at masvc log on the client (c:\programdata\mcafee\agent\logs) to see what the communication failure is, as well as server log on epo or agent handler that it is trying to talk to.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mkazi
Level 11
Report Inappropriate Content
Message 6 of 12

Re: Non Compliant Devices

I'm actually trying to reduce the non compliant devices here. Looks like more than 2000 devices are non compliant and been turned off. Is this situation what do u suggest ?  Also when i run with Criteria "1" , it gives me more than 2000 devices but when i remove the Agent version criteria it gave me less than 1500 devices. Kinda confused here how this agent version criteria is working .

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: Non Compliant Devices

You would need to look then at one or more of the systems showing non-compliant.  If the systems are turned off, they aren't communicating, so they would be non-compliant.  If the agent version is less than the version specified in criteria section, it will be non-compliant.  You need to identify exactly what is out of compliance.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

mkazi
Level 11
Report Inappropriate Content
Message 8 of 12

Re: Non Compliant Devices

So, in our environment we use AD sync to multiple OUs. Looks like even though multiple devices doesn't have the agent installed still shows up as non compliant on the report.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: Non Compliant Devices

Yea, if an entry in epo doesn't have an agent and compliance looks for a minimum version, they would be non-compliant.  You can filter your compliance query to exclude systems that don't have an agent yet.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 12

Re: Non Compliant Devices

Likewise, if you have duplicate entries, you need to remove the older duplicates.  If you also have systems in the system tree that no longer exist, make sure you have enabled to delete systems from epo when removed from AD, but don't check the box to remove agent.  If systems no longer exist, they won't get the agent uninstall command.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community