Just want to double-check the working of this setting.
Say I am deploying VSE and I leave this setting unchecked in the deployment task which I setup as Run Immediately. Now the client connects to the server and collects the task, but it doesn't execute it. The next time it connects to the server it does. If "Every policy enforcement" was checked it would have executed five minutes later instead of sixty (assuming default values), correct?
EDIT: Except I see that this clearly isn't what it does... is it simply used to verify every five minutes that a task is being enforced, even after completion, so in the case of VSE once it has been deployed it will check every five minutes to see that it is still deployed, as opposed to every sixty...?
The client connects to your epo during a normal communication intervall (default 60 minutes) -- it "sees" your new deployment task, downloads it and is executing it immediately and only ONCE.
2) With checkmark The same behaviour as above but additionally the task is run at every policy enforcement (default 5 minutes). So every 5 minutes the agent will recheck if all the products are installed on the client. Therfore it connects to the next available repository
So it's a sort of protection against it being uninstalled or otherwise removed?
I noticed in the log it was running a verification every five minutes. Is there a performance impact? What level of protection does this provide, is it based on the files it can see, or does it just check a registry key?
What I am not understanding is why you would advise setting PE to 30 minutes instead of 5 when the VSE install is executed on first connected anyway (thus the PE interval doesn't matter), and apart from that policy enforcement is a purely local task so does not draw on bandwidth. Situations where the product has been removed are edge cases and should be rare, therefore I do not see a larger interval saving on bandwidth their either.
In this instance I do not understand why you would change the interval. Can you explain?
In our environment, we have set the PE to 30 minutes to allow the end user to disable On-access for a 30 miinute period if necessary. We have people who transfer large files and who complained about McAfee slowing it down. Allowing the user to disable the OAS temporarily, cut down on these complaints. By setting the PE to 5 minutes, the user would only be able to disable the OAS for 5minutes at a time before the EPO policies get applied.