We have an issue where the framework agent gets corrupt on workstation Endpoints and we have to reinstall the framework. It does happen occasionally on our servers, but that is very rare. I was asked to create some automation around detecting broken agents, and re-installing a new agent to fix this issue as opposed to waiting for a user to complain of issues, to find out they are not checking in properly and fail policy updates.. Our endpoints check in every 90 minutes, and I would say 80% are on the LAN while the other 20% checkin through our Relay agent as they are remote. I have parsed through many forums thinking that this is an easy one that is probably out there in most environments, but I may not be searching with the correct keywords, cause I am coming up with very little.
Anyone able to help? I would really appreciate it.
Thank you in advance.
KMC has the right idea; create 1 or 2 agent wake-up client task - 1) Every 15 minutes collect properties that have changed since the last agent-server communication and perhaps a 2) at system startup.
"framework agent gets corrupt "; you may consider toggling on the debug logs for the Agent: McAfee Corporate KB - How to enable debug logging and collect an event trace log for McAfee Agent 5....
Are you able to leverage the "Access Protection Polices"; specifically the ones geared for protecting the modification of VSE and the Agent?
This needs to be one in few steps.
0. create a simple tag named like "inactive agents" in tag catalog.
1. create a query where you will define what you consider as "inactive" agents. for example create a query to detect agents that did NOT check-in with ePO in the last 14 days. basically define your threshold here. apply the tag created earlier.
2. create client task targeting systems with the specific tag created in step 0 in deploy agents again. assuming you have administrative rights on those system.
You can tag systems, and attempt to force a wake-up call or use a Client Task to install the Agent, but both of those rely on the Agent working correctly, meaning that this frankly, probably won't work.
For my instance, I purge all systems that haven't had a successful Agent check-in in the past 30 days. Then, I run an AD sync every four hours. Any system not in ePO gets added to ePO and it runs an Agent Deployment task to push a new Agent.
Sometimes it still doesn't work; the package is unable to uninstall the old Agent framework, but it works much of the time.