cancel
Showing results for 
Search instead for 
Did you mean: 

EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution
Hello, I am configuring a Custom User Permission Set in EPO 5.9.1 for a team of clients. Among other things, I need to provide them with the ability to run a Full On Demand Scan of managed workstations and servers. Is there a specific group or user permission set that will allow the minimum level of access to do this Thank you.
3 Solutions

Accepted Solutions
McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 3 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

In order to assign one group of user the permission of run ODS task you will have to make sure the permission set has
1. Endpoint Security Threat Prevention : Tasks has the View and change settings
2. Systems: View "System Tree" tab
3. System Tree access: Can search on the following nodes and portions of the System Tree:My                       Organization
                                        Can access the following nodes and portions of the System Tree:My Organization

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

The on demand scan log should show start and stop times for it.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

Run client task now depends on several things.  

1.  Active system to receive the task at the time it is sent

2.  RCTN task might have a time limit set on it - check for that.

3.  There must be no data channel communication failures in the server log on the epo server or agent handlers.  

You can check the server log for errors or the client logs (masvc agent log) to see if it received the task.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

10 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

Assuming this is for ENS, you would probably need to give them permissions for modifying tasks and policies for the point product as well as system tree access under system tree and systems.  Otherwise you would have to check audit log to see, when testing, if they are missing any other permissions.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 3 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

In order to assign one group of user the permission of run ODS task you will have to make sure the permission set has
1. Endpoint Security Threat Prevention : Tasks has the View and change settings
2. Systems: View "System Tree" tab
3. System Tree access: Can search on the following nodes and portions of the System Tree:My                       Organization
                                        Can access the following nodes and portions of the System Tree:My Organization

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

Thank you for your quick response. It is truly appreciated. Here is what I have determined:

When I added the 3 permission changes that you listed below, only the “Modify Task” option was available. The option to do a “Run Task Now” was not available. But your information was very helpful.

Once I added the permission to allow “Wake up agents; view Agent Activity Log ”,  I was able to select a server or workstation, choose “Actions”, then “Agent” then “Run Client Task Now”, which allowed me to choose “Endpoint Security Threat Prevention”, and complete a Custom On Demand Scan or a Policy Based On Demand Scan.”

I could also choose On-Demand Scan – Full or On-Demand Scan – Quick Scan

I would then be presented with the “Running Client Task Status” screen.

The Full Scan seems to take quite some time. I am checking to see if this is related to a Policy Setting

Can you please tell me the best way to validate the start time and completion time for a Full On Demand scan? I could not locate this directly in the ENS Log files (in %ProgramData%

 

Once again, thank you for your outstanding assistance.

McAfee Employee Thussain
McAfee Employee
Report Inappropriate Content
Message 5 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

@Glenn_Bolton 

That's a wonderful share and Kudos to you for sharing your knowledge and marking the answer as solution. This will help other community users with similar question to find answer

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

The on demand scan log should show start and stop times for it.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

McAfee Employee LKS
McAfee Employee
Report Inappropriate Content
Message 7 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

That should be present under <C:\ProgramData\McAfee\Endpoint Security\Logs>. As cdinet mentioned, you can either check the details in logs or if you would like to pull those information via ePO, you can create a custom query to pull information like "On-Demand scan start" ""On-Demand scan stop", by quering event id's.

McAfee managed products generated Event IDs listed in ePolicy Orchestrator

https://kc.mcafee.com/corporate/index?page=content&id=KB54677

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

Thank you. I was able to determine the Log file location. Much appreciated. The remaining issue is this:

I have a two Client Tasks setup for the purpose of running an On Demand Quick Scan and an On Demand Full Scan. In testing, when I run these manually from within EPO, I am getting inconsistent results. Sometime the scan will complete, but most of the time it fails. Now when it runs as as an automated scheduled Client Task, it runs fine. Since this is happening in two different EPO environments, I may simply open a Support Call to McAfee.

I have to get this functionality in place for second level support. I will check the McAfee Community, but if you are aware of a possible fix, I would be grateful for your response.

Thank you.

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 11

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution

Run client task now depends on several things.  

1.  Active system to receive the task at the time it is sent

2.  RCTN task might have a time limit set on it - check for that.

3.  There must be no data channel communication failures in the server log on the epo server or agent handlers.  

You can check the server log for errors or the client logs (masvc agent log) to see if it received the task.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

Re: EPO 5.9.1 and ENS 10.6.1 - Permissions to run On Demand Scan

Jump to solution
My apologies for not getting back to you sooner. You are correct. The default time limit is 20 minutes and this is simply not enough time even if you allow the scan to run using full system resources. I change this value to 2 Hours and also changed my On Demand Policy to "Scan Anytime" rather than "Only when the System is idle." Thank you very much. Glenn
More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community