Showing results for 
Search instead for 
Did you mean: 
Level 9
Report Inappropriate Content
Message 1 of 4

EPO - strange behaviour

Hi everyone,

We have been using EPO for about 3 years over several versions and have been experiencing most of the problems listed below since day 1. McAfee support has been of no help to us and I'm turning to here to hopefully gain assistance from the general user community.

We currently run EPO v4 patch 1 with around 270 clients all running agent v3.6.0 patch 3. Our environment is very simple and basic with only a single EPO server.

The problems we have are:

1) EPO 'loses' contact with agents. It doesn't really but reports that it does. For instance if you look in EPO4's 'Inactive Agents' report, it will list several agents as inactive with a last update time of several months ago. If I connect to the agents HTTP server port to view its log, the agent is quite happily communicating with the EPO server and getting policy and DAT updates on the defined schedule. If I do a 'Wakeup Agent Call' with full props, the agent will move out of the inactive agent report. Why is EPO showing active agents as inactive? It is communicating with the 'inactive' agents without seemingly updating its own last update time.

2) We have a reasonable turn-over of staff and often a laptop computer will go through 3 or 4 hands in any given year. Our normal process after backing up the previous user's data is to use the EPO console to delete the agent from the systems tab. We then wipe & re-image the machine with our SOE image (which has no agent installed) and then push out the agent to the newly imaged machine from the EPO console. Problem is that often EPO refuses to recognise the new agent after it is pushed out. Or EPO will add the agent in under the old computer name. Or EPO will put the agent into lost and found. It seems that EPO is using something other than the Agent GUID to uniquely identify the computer. Perhaps its MAC address? If we are deleting the old computer from the systems tab prior why should EPO be still using that old computer name when the agent is installed on the newly imaged machine with a new name?

3) Inconsistent number of computers listed in the EPO 'Compliance Summary' report. On any given day it can change by 40 in the total number of computers (compliant + non-compliant). This occurs even if there are no computers added or removed from EPO. Eg. One day it may say we have a total of 200 computers, then next day a total of 260.

Can anyone provide insight or help us with the above issues? We are getting very frustrated with EPO and seriously considering dropping it for a competing product. Whats the point if it cannot be relied upon?

Thanks for your time grin
3 Replies
Level 9
Report Inappropriate Content
Message 2 of 4

RE: EPO - strange behaviour

RE: Point #3

I have now worked out why it inconsistently reports the total number of computers.

McAfee in their infinite 'wisdom' have limited the 'EPO: Compliance Summary' report to only report on agents which have contacted the server in the last 24 hours!

I don't know about everyone else but when I see a report titled 'Compliance Summary' which displays a pie chart segregated into 'Compliant' and 'Non-Compliant' I expect it to be reporting on the total population of agents, not a time limited subset. McAfee should rename this report so it is more clear on what it reports on.

The remaining points #1 and #2 still stand unresolved.

RE: EPO - strange behaviour

A big thank you!
Now i finally know why i don't see all the computers in the report.

Level 13
Report Inappropriate Content
Message 4 of 4

RE: EPO - strange behaviour

re 1) set 2 agent wakeup tasks in policy, 1 am 1 pm.
This gets around the fact that the agents work without bothering to tell EPO that they are.