Showing results for 
Search instead for 
Did you mean: 

How to do a query for a hotfix with EPO 4.0


in our 3000 client company I manage antivirus software with "McAfee ePolicy Orchestrator 4.0". At the moments clients have Agent 4.0 too, but I will go to Agent 4.5. Befor I do it, I have to distribute a compatibility Hotfix number 517265.

My question is:

Is it possible to do a query to see, how often the patch is distribute? I have many queries with Epo Version, Epo Patchlevel, but I don't find a way for a query for a hotfix.

Please help me.

3 Replies

Re: How to do a query for a hotfix with EPO 4.0

moving this to ePO...


McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: How to do a query for a hotfix with EPO 4.0

According to the hotfix release notes, it changes only three files:

Files affected:


So the actual build for the rest of the product remains the same (patch 1 or 2) - this means there may not be a straight forward way of querying it from ePO 4.0.

You can however do this using a System Compliance Profiler rule. To do this follow the steps below:

On the ePO console, click Systems --> Policy Catalog.

In the product drop down, select System Compliance Profiler 2.x.x

Click New Policy

In the Create a new policy window, type a name for the policy such as 'VSE HF517265 Check'

Click Ok.

In the Rules Window, Click Custom Rules

Click Add Group - Give it any name

Select that group under Custom Rules and click Add Rule

Type a name for the rule in the 'Name of rule field' for e.g. 'Check for VSE HF517265'

Uncheck all irrelevant Operating Systems such as windows 98, Windows ME etc

In the Criteria field, make sure Match a file is selected

In the File Path drop down select PROGRAM_FILES_DIR and complete the path to one of the three files listed above - for e.g. McAfee\VirusScan Enterprise

In the File name field type shstat.exe

Choose 'Version is greater than or equal to' from the drop down and type in the version listed above (e.g. for shstat.exe)

Save the policy

If you have never used SCP before, you will need to ensure the SCP scanner is installed on the client systems as part of a deployment task.

After this, ensure that a SCP scan client task is configured on the ePO system tree for all the systems.

Now when the scp scanner runs the next time this rule is checked the results are sent to ePO.

Using one of the existing SCP queries  (for e.g. SCP: Non Compliance Summary by Rule Group) you can get the list of systems that violate the rule (do not have the HF installed)

Hope that helps....



Re: How to do a query for a hotfix with EPO 4.0

Hello Sailendra Pamidi,

many thanks for detailed answer.

Until today we don't use and don't have installed System Compliance Profiler on clients. But I have installed SCP on a test machine about your instruction and I created a SCP Scan Task (in the 2nd step configuration I can read: "No additional settings for SCP Scan Task"). I hope, it is so right.

Furthermore I edited Policy Catalog and added a query for the hotfix according your instruction. The SCP Scan Task is worked on a test machine (run and wake up agent) . So far I had no problems.

My problem is to know, how I can do a query for hotfix or general query with patch level. Through the standard queries I don't get an answer.

Can you give me a anser?


Message was edited by: andreasw on 11/02/10 05:15:10 CST

Message was edited by: andreasw on 11/02/10 05:21:44 CST