cancel
Showing results for 
Search instead for 
Did you mean: 

Compliance report over multiple days

I run daily non compliance reports twice daily, 12 hours apart. They will report on compliance of the McAfee agent version, VSE, Engine and DAT versions. This will only run for systems that have been in contact over the previous 24 hours.

I'm running into an issue where things like training machines, backup machines not online frequently, people coming back from long weekends or vacations, etc. will show up on the non-compliant list because it had not yet updated and reported back to ePO before the report has run. This goes to our Helpdesk, who then open tickets for our IT staff to investigate. The problem is that in a lot of cases, the machine will be up to date by the time they get to it.

What I would like to do is to run this same report, but only have it show machines that have been out of date for more than 1 day. That way I'm filtering out the systems that are simply online for the first time in a while. I spent a few hours looking at building a query to do this, but I can't find a way to get that working the way I want it. Has anyone done this?

I thought about creating a task that tags the systems day 1, then run a task each day against the machines with that tag to re-check the versions, then clear those tags if they are then compliant. Seems like a bit over-complicated for something that may be easier to do in a simple query. If anyone can help I'd really appreciate it.

Thanks

2 Replies

Re: Compliance report over multiple days

  • You can use "Non-compliant computer detected" it can be find under Automatic responses tab.
  • you can customise the query as you want.
  • you can set the threshold value.

Re: Compliance report over multiple days

Where to I set the criteria? What I am looking to "flag" are systems that have any out of date product or definitions, whether it's the agent, HIPS, VSE, engine, etc. I don't see anywhere in the automatic response filters to set that. I see that the default is the non compliance event ID 16000. What feeds ePO the criteria that will generate that event?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community