I've installed the Extra dat for the Petya ransomware that is on the internet at the moment. I normally have to highlight all the PC in ePo > Update > choose the dat file and push.
How do I get this to automatically get pushed when the agent checks in? the normal sdat does get automatically push when the a new sdat come into the ePolicy server though.
You can either modify your existing client update task to allow for the extra.dat. The option that I chose was to create a seperate update task that I call "Update ExtraDat". This I set to run immediately. The clients will get that update task and will start pull down the extra.dat when they next communicate.
This sounds like what I need. I found these instructions, but set the run immediately with a randomise of 15mins as we have 500 PCs. Does t look good?
First, under Menu --> Policy --> Client Task Catalog, Hit the 'New Task' button at the bottom of the page. Select 'Product Update' and hit 'OK'. Name your new task (I chose Deploy Extra.DAT). See the attached picture for settings. Then save.
Next, Go to 'System Tree', and choose 'Assigned Client Tasks' at the top of the page. Click 'Actions' at the bottom of the page, and choose 'New Client Task Assignment'. Choose 'McAfee Agent' in the first column, 'Product Update' in the second, and you new task (Deploy Extra.DAT) in the third, then click 'Next'. Set Schedule Type to 'Run Immediately', and if you have many systems, you'll want to check 'Enable Randomization' and set the interval over which you want ePo to spread out the deployment (Keeps you from flooding your network). Click 'Save'.
It is good to set randomization. I had over 1700 systems and set mine to 10 minutes. I did perform a wakeup call to groups of 200 systems at a time. Didn't notice any real slow down on my ePO server when deploying the extra.dat. Managed to get it out to 1700 system within about 45 minutes. What you are doing looks good.
How can I tell it has been installed on the client machines without visit them? For example I can see my laptop has the extradat, but via the ePo server I can see where this might show?
What I did was to create a query that lists the extra.dat and called it find Ransomware extradat. Below are some screen captures.
when run, it will list if the system got the ransomware extra dat as shown below;