I'm trying to test using VSE 8.8 (in ePO) unwanted programs to search for exectuables that have been forbidden on our network. I put the exectuable "TESTTESTTEST.EXE" in the policy and also put it in the access protection policy under user defined items. I run an on demand scan and try to use a query to see it once completed , but it doesn't appear to have been detected. What am I missing? Is there an easier way to go about doing this?
I would start by checking that "detect unwanted programs" is ticked for the On-Demand Scan.
Also, I would check that the Application's filename is defined in the "workstation" (or "Server") policy as is appropriate.
BTW, what query are you using to look for the detection in EPO?
Thanks for the reply. It ended up being a corrupt agent that I was doing the scan on. It wasn't getting the new VSE policy. I reinstalled the agent and all is good again. Thanks for the quick reply.