Is there a policy setting that controls how often the ePO processes VirusScan events? :confused:
Situation: I am running ePO 4.0 Patch-4. I have serveral User-defined programs in the VS 8.5 PUP policy which have been triggered, in both real-world and testing scenarios. But the events don't show up in my ePO for several days. Even when I click Send Events from the host Status Monitor and can see the event being uploaded, the ePO doesn't display/report it for a few days. I would like to be able to see these events at least the same day they occur.
I have a Notification rule setup to fire on each occurance of a User-defined PUP detection, and it works. But the "Event Generated" date and "Event Received" date are always days apart. Can't figure out why the disparity.
The MA policy is set to wakeup and receive updates every hour, as well as, enforce policy every 5 minutes. So the events should be uploaded every hour.
While testing, I personally triggered the alert on my machine serveral times. Each time I clicked on "Send Events" in the McAfee Agent->Status Monitor, I could see the number of events, which corresponded to the number of triggered alerts, get uploaded to the ePO. It just takes a few days for the ePO to send a notification and/or show up in reports. :confused:
I'll see if I can locate the parser log you spoke of. Much appreciated.