cancel
Showing results for 
Search instead for 
Did you mean: 
Jmac24
Level 11
Report Inappropriate Content
Message 1 of 8

Automatic response if systems not checking in

Jump to solution

Maybe this is a product idea because based on search results it doesn't look like it's possible but I wanted to throw it out there.

We had a situation where all systems stopped checking in completely just after business hours. We weren't aware until the next morning when I noticed a scheduled update to a small group of systems was not successful, and I noticed the last check-in date was the previous day, then saw nothing had checked in since then. I was hoping there was a way to use an AR to send an email if no systems have checked in for a set amount of time. Since they trigger on events, I'm not sure it's possible...since this would be because of the lack of events.

We had another instance where we were everything was checking in fine, but no events were parsing. We weren't aware until someone reported that MDE activation for a few new systems was failing. In both these cases it's a situation where unless we have eyes actively on ePO or someone reports an endpoint communication issue we are not aware of a problem. Was hoping we could proactively get notifications in these cases.

Labels (1)
1 Solution

Accepted Solutions
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: Automatic response if systems not checking in

Jump to solution

Hi @Jmac24,

As you have stated, I am afraid we do not have an event id denoting lack of communication as the issue itself is lack of communication. However you can have a daily report configured that pushes out endpoints list to you that has not communicated with the ePO let's say in 24 hours.

Having an Automatic response for this would be nice in your particular scenario, however I would also suggest adding a threshold if you are submitting your idea to avoid response triggers for just few machines that have not communicated in x hours. Hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

7 Replies
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: Automatic response if systems not checking in

Jump to solution

Thanks for posting your query 

May be you can try these options and see if it works, You configure an Automatic Response to send an email when the events are triggered 

Event ID Name Severity
2232 ePolicy Orchestrator Agent: Enforce Policy Failed Warning
2264 ePolicy Orchestrator Agent: Property Collection Failed Warning
2328 ePolicy Orchestrator Agent: Enforce Task Failed Warning
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 3 of 8

Re: Automatic response if systems not checking in

Jump to solution

The list of event IDs I can see for Agent are as follows, please refer to the below KBA

https://kc.mcafee.com/corporate/index?page=content&id=KB54677

Event ID Name Severity
2201 ePolicy Orchestrator Agent: Failed to install software package Warning
2202 ePolicy Orchestrator Agent: Install retry limit reached for software package Warning
2204 ePolicy Orchestrator Agent: Insufficient disk space to install software Warning
2208 ePolicy Orchestrator Agent: Insufficient disk space to download software Warning
2216 ePolicy Orchestrator Agent: Cannot install software due to OS version mismatch Warning
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Highlighted
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 4 of 8

Re: Automatic response if systems not checking in

Jump to solution

@Jmac24 

If the steps suggested do not help 

As you mentioned earlier, please submit a new product Idea 

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: Automatic response if systems not checking in

Jump to solution

The problem with those events is that they require communication and eventparsing for any response to happen, so that isn't going to help any.  Did you find root cause for each issue?  If so, you can possibly set up a server side alert.  

The type of event would be server, event description could be something like the following:

agent handler down

computers are non-compliant

You can also set up some windows monitoring for disk space issues, where events accumulate or similar monitoring.  

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Jmac24
Level 11
Report Inappropriate Content
Message 6 of 8

Re: Automatic response if systems not checking in

Jump to solution

@cdinet In the 2 cases we had with agents not checking in and another with events not parsing there was a change outside of what we manage which was the cause. One was a change to account permissions and another was a change to a server setting. Neither were disk space related. Services were not stopped either. 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: Automatic response if systems not checking in

Jump to solution

Sounds like one of the ones that might be an option then would be systems being out of compliance.  That might be some good suggestions to open up an IDEA for per kb60021.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: Automatic response if systems not checking in

Jump to solution

Hi @Jmac24,

As you have stated, I am afraid we do not have an event id denoting lack of communication as the issue itself is lack of communication. However you can have a daily report configured that pushes out endpoints list to you that has not communicated with the ePO let's say in 24 hours.

Having an Automatic response for this would be nice in your particular scenario, however I would also suggest adding a threshold if you are submitting your idea to avoid response triggers for just few machines that have not communicated in x hours. Hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community