cancel
Showing results for 
Search instead for 
Did you mean: 
uhaba
Level 7
Report Inappropriate Content
Message 1 of 6

How to find endpoints that have not performed on demand scan in last month?

I've found that some systems on the network have both the agent and VSE, but for some reason have not performed the on demand scan I have tasked them with. This should occur twice a week. One system I found has not performed a scan in 4 months. Is there a filter or something I can run to find the systems that have not performed the applied on demand scan task recently?

5 Replies
Troja
Level 14
Report Inappropriate Content
Message 2 of 6

Re: How to find endpoints that have not performed on demand scan in last month?

Hi,

1.) check the system where ODS has not run. Check if there is a task assignment on this group.

2.) On Win7 check the directory %Programdata%\McAfee\Common Framework\Taks (Default Installation Directory) and check the *.ini Files.

For every EPO task an ini file is located there. Check if there is a task for ODS scanning.

3.) check your epo configuration if the events for ODS are sent to epo or not. If yes, check if there are client for ods for the client available.

Cheers,

Thorsten

Re: How to find endpoints that have not performed on demand scan in last month?

I would agree with Troja. Make sure the client is receiving the ODS task, is online when the task is set to run, and you could put a check mark in the schedule for Run Missed Task in case it was not online.

You can open the VSE console on the local machine and see when the Last Run time was, but that information is stored locally on the client and is not sent to the ePO DB - meaning you will not be able to run a query from the front end or DB for specific machines that have not ran a ODS.

notime
Level 10
Report Inappropriate Content
Message 4 of 6

Re: How to find endpoints that have not performed on demand scan in last month?

If you need to get these information from ePO you need to enable this option first(1202: On-demand scan started )

from server Setting, Event Filtering.

Re: How to find endpoints that have not performed on demand scan in last month?


notime wrote:



If you need to get these information from ePO you need to enable this option first(1202: On-demand scan started )



from server Setting, Event Filtering.


Good info! Just remember if you enable this, depending on how many clients you have in your organization, this will send a TON of events into the DB.. as long as you are purging it should be ok though.

Troja
Level 14
Report Inappropriate Content
Message 6 of 6

Re: How to find endpoints that have not performed on demand scan in last month?

Hi uhaba,

you can also activate two Events which are deactivated by default.

1202: On-Demand scan started

1203: On Demand scan complete

Define a Query with Event Generated Time and Hostnames and filter this two EventIDs. The result should show when an OnDemand scan was run on an endpoint.

Cheers,

Thorsten