cancel
Showing results for 
Search instead for 
Did you mean: 

Detections not being reported to EPO DB

Hi,

I am currently working on a monitoring project for one of our Enterprise Clients.   I have set up a virtual environment using –

1.      One EPO 3.6.1 Server running on Windows 2003 R2 SP2 (MEM01)

2.      One Domain controller running Windows 2003 R2 SP2 (DC01)

3.      One Windows XP workstation running SP3. (WRK01)

Each of the servers and the workstation have the EPO Agent Version 4.0.0.1494 installed and the VScan client 8.5.0.781 running DAT 6048, Scan engine 5400.1158 and HotFix Version 8.   They are all reporting in EPO and I am able to schedule tasks to run dat updates etc on all the clients. I can see from the Agent logs everything appears to be communicating ok,  I have attached the logs from the agent on the workstation and domain controller.

However,  when I simulate a virus event by using EiCar or TryGuard.   The AV client detects the files as viruses and reports it on screen to the user.   I also have notification rule to send events via email to one of my administrator accounts.   Each time I use EiCar I see the email sent to the account with a record of the detection.   But I don't see any of the events being recorded in the EPO database.   When I run a query using native SQL tools or the EPO reports/queries  I can't see of the virus events.    My detection reports so zero detections.

For the Database I have tried using SQL installation that comes with EPO 3.6.1 and accepted all the defaults.   I have also installed EPO on a SQL 2000 database but I get exactly the same problem.

Does anyone have any ideas?

8 Replies

Re: Detections not being reported to EPO DB

did you try to another sql server?

Re: Detections not being reported to EPO DB

I have not tried that yet.   I have tired scapping the enviroment and startng again as a VM.   I'll try moving the database to a new server and see what happens.

Is it easy to move the server or will mean re installing the EPO server?

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 9

Re: Detections not being reported to EPO DB

First of all - as I'm sure you're aware - ePO 361 is no longer supported.

In this instance it sounds like the events are not being written to the db by the event parser. If you look in the eventparser.log on the ePO server, are there any errors?

Also - download the latest version of the VirusScan reporting NAP file and check it in. (The latest version I know of is from the VSE 8.7 Patch 3 package.) The report nap is responsible for updating the VSE event handler, which is what allows ePO to understand VSE events.

HTH -

Joe

Re: Detections not being reported to EPO DB

when you want to update your epo server (like epo 4.5) you don't need to a externel sql database to support your epo.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: Detections not being reported to EPO DB

Er - yes you do  

ePO requires an SQL database... it always has done. No SQL, no ePO.

HTH -

Joe

Re: Detections not being reported to EPO DB

I have managed to work out what is going on.    Thanks for the tip about the eventparser.log file,  I found the log and found some errors in it.   When I did a search on Google I managed to come across this page -

https://kc.mcafee.com/corporate/index?page=content&id=KB50757&pmv=print

It turns out the NAPs installation was corrupt.   So I have re installed into EPO and restarted the services and jobs a good one 

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 9

Re: Detections not being reported to EPO DB

No problem, glad it's resolved

Now you just need to get upgraded to a supported version

Regards -

Joe

Re: Detections not being reported to EPO DB

good works!