Yes run the reporter or push the hot fix to all. The problems are intermittent and often undetectable to the user so you will never know if the av on some ststems isn't working.
When I run the 6807-6808 Remediation Status report it shows my PC under Hotfix Applied w/Reboot Required, I must have rebooted my system over 10 times but still it shows as Reboot Required, do I need to do anything more?
Also I get a few systems listed under Hotfix Not Required - McShield Not Running. What do I need to do with those?
Message was edited by: harris_s on 14/09/12 12:15:11 ISTYep - you'll need to clear the current events from the remediation tool, and then run it again. (Or just run the tool again, and your machine should now be listed in the "hotfix applied" column as well as the "reboot required" column.
HTH -
Joe
Hi Joe,
Have run the report many times, still shows as needing reboot. But just realised I installed VSE 8.8 Patch 2 on ONLY my pc in the company, would this possible be causing this, does the tool only report on 8.8 Patch 1?
Are you clearing out the results between each time you run it per the readme for the tool? Otherwise you'll end up with exactly as you mentioned which is the tool reporting a machine in multiple states. If you've been cleaning it out between run times you should only see a machine listed once.
I think that's the problem, the hotfix is checked in to Master Repository, so I'm not actually sure WHEN it collects the data, I presume at each update task.
Looking into threat events it seems that the tool is running constantly around the domain, my database has double in size in the last week (most of which will be these 1035 events). I thought I'd checked this in properly but by the looks of it the network is taking a battering, would it be safe to delete the tool from the master repository now?
harris_s wrote:
Looking into threat events it seems that the tool is running constantly around the domain, my database has double in size in the last week (most of which will be these 1035 events). I thought I'd checked this in properly but by the looks of it the network is taking a battering, would it be safe to delete the tool from the master repository now?
It only ever checks once per deployment task run. You're then supposed to delete the entries, update the deployment task, and let it run again. From your symptoms it sounds like you have the deployment job set to "Run at every policy enforcement (Windows only)" or you have the schedule set to run more often than just once.
You may want to read over the tool's readme, it describes the proper method to deploy and manage the events.
Hi Brentil, I don't mean to be rude and it's easy to say, but I have read the readme's you've pointed out in the last 2 posts may times (as I was ones of those who spents days sorting this issue out). My problem is the McAfee documentation isn't clear, it references too many other kb's which in turn reference more.
I've had to back track through lots of configuration changes which were advised from this very thread and have since found out that the hotfix task needed refining to make it more manageable. Will see how it goes now.
@Harris_s i agree! I am checking my deployment of the hotfix and daily it tries to install but get the task cancelled error 1035. From the start the directions were horrible and never gave detailed instructions. i will check the documentation again and perhaps they updated it with clear steps to perform the action. I was able to check in the package,and deploy patch....but my query for some reason will only check one group under my system tree. We are all not experts at McAfee and being new at it this SUCKS! We are at the beginning of our roll-out and this mess occured!
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA