cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bandit61
Level 9
Report Inappropriate Content
Message 1 of 5

ePO and endpoint security for Linux

Jump to solution

Clipboard01.jpgClipboard02.jpgHi

Since VSL 2.0.3.xxx doesn't work on Ubuntu 18.4 I installed EPS linux on the epo-server. Installed the agent 5.6.0.702 successfull, installed the eps for linux and setup a separate monitor for the ubuntu-1804. What I'm missing now on the epo-server-dashboard-monitor is, that it doesn't display  the dat-file of the ubuntu1804 (see attached files) .VSL2.0.3. showed the dat-file-version on the detail of the machine.Searched around but couldn't find it.

2  questions now that I have eps-policy as well: 

how is the priority between the eps-policies and the vse88p12-policies, vsl203-policies ?

can i break the assignment of the eps-policies from my organization to the subgroup ubuntu1804?

thanks

Tags (1)
2 Solutions

Accepted Solutions
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: ePO and endpoint security for Linux

Jump to solution

ENS does not use dats, it uses amcore content, so the dat version showing blank in the product section is normal.  VSEL and VSE use dats, but ens does not.

As for the second question, Hawkmoon pointed out how to modify your policy assignments.  However, if you are asking what policy will be assigned (eps-policies and the vse88p12-policies, vsl203-policies), the only policies the clients will use are the ones for the point products they have assigned.  Though vse, vsel and ens policies exist, they won't be used by the client if the product is not installed.

Let us know if that answers your questions or not.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: ePO and endpoint security for Linux

Jump to solution

The columns you are seeing blank for dats is pointing to a VSE dat column property.  If you look at query options when choosing columns, each AV point product has its own dat property.  So, for VSEL or ENS, that vse column would not apply.  But in system details for the point product, those columns are based on that point product, so it shows. 

The update task would include dats and amcore, so yes, you need it and if you are copying over epo repository contents, then that would also include amcore content.  Non-windows does use dats, but as pointed out, the blank column is expected behavior because it is not VSE.  ePO 5.10 has removed that column in the system details page.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

4 Replies
Hawkmoon
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: ePO and endpoint security for Linux

Jump to solution

Hi bandit61,

You ask:

"2  questions now that I have eps-policy as well: 

how is the priority between the eps-policies and the vse88p12-policies, vsl203-policies ?

can i break the assignment of the eps-policies from my organization to the subgroup ubuntu1804?"

To start with the second question first, the short answer is 'yes'. You would break inheritance at the device or group as needed and define whatever policy you want for the appropriate product.

A more detailed answer can be found in the ePO guide, pages 187 onwards to 208.

  • Editing priority page 197
  • Inheritance page 188 > 208
  • Assigning to group page 203
  • Viewing assignments where disabled page 207

(my referance  guide was: PD26914 - ePolicy Orchestrator 5.9 Product Guide - Rev. B)

Well worth a read, not just to do what you want, but to read up on 'policy history'!
As with any group related operation be it TAG, task or policy an incorrect 'object' can be accidentally applied, so to use 'policy history' in conjunction with the Audit.log can help identify the what and when etc. of such a matter!

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: ePO and endpoint security for Linux

Jump to solution

ENS does not use dats, it uses amcore content, so the dat version showing blank in the product section is normal.  VSEL and VSE use dats, but ens does not.

As for the second question, Hawkmoon pointed out how to modify your policy assignments.  However, if you are asking what policy will be assigned (eps-policies and the vse88p12-policies, vsl203-policies), the only policies the clients will use are the ones for the point products they have assigned.  Though vse, vsel and ens policies exist, they won't be used by the client if the product is not installed.

Let us know if that answers your questions or not.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

bandit61
Level 9
Report Inappropriate Content
Message 4 of 5

Re: ePO and endpoint security for Linux

Jump to solution

@DAT Version: I know that there are diff. version of Linux, but why not show the eps-linux DAT-Version in the detail screen. If you click on the line with endpoint security threat prevention, it shows the actual DAT-Version (Non-Windows)

If not using DAT-files, why then  create update task, run and configure schedule task? Page-24 to 25 in the product guide Endpoint security 10.5.1. Threat prevention Linux (ensl_1051_pg_0-00.pdf) ?

How to get the update for amcore into a closed network without direct internet-access? Actual we copy the repository form the outside-epo-server to the inside every 2h.

Clipboard03.jpg

 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: ePO and endpoint security for Linux

Jump to solution

The columns you are seeing blank for dats is pointing to a VSE dat column property.  If you look at query options when choosing columns, each AV point product has its own dat property.  So, for VSEL or ENS, that vse column would not apply.  But in system details for the point product, those columns are based on that point product, so it shows. 

The update task would include dats and amcore, so yes, you need it and if you are copying over epo repository contents, then that would also include amcore content.  Non-windows does use dats, but as pointed out, the blank column is expected behavior because it is not VSE.  ePO 5.10 has removed that column in the system details page.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community