ePO reports DAT date, DAT version and Engine Version as 0 on all the affected machines. On-access scan is reported as disabled on individual machines.
See https://kc.mcafee.com/corporate/index?page=content&id=KB76004&elq=a20a206709c24aa9ad7bcbfd33282145
Here were my steps to solve this problem.
1. Create a TAG for the problematic PCs
- Open ePO, go to MENU -- TAG catalog.
- Click the TAG ACTIONS button and select NEW TAG (for example: problematic pcs).
2. Mark the problematic PCs.
- Open ePO, go to MENU -- REPORTING -- Queries & Reports.
- Under All groups find EPO compliance Summary and RUN it.
- Click on Non-Compliant computers.
- In the upper left corner create a filter (custom/add) and find VirusScan Enterprise Properties - Engine Version.
- Select that Engine Versions equals 0.0000 and click update filter.
- Mark the found computers with 0.0000 and select ACTIONS -- TAG -- APPLY TAG.
3. Create a task for REMOVAL of VSE
- Open ePO, go to MENU, policy, Client Task catalog.
- Under McAfee Agent/Product Deployment select NEW TASK.
- For Product and components select your version of VSE and for action choose remove.
- After the task is created, click on assign and choose the organization to assign it to.
- For Scheduler, be careful to select send this task only to computers with tag: PROBLEMATIC PCS.
- Click next and for Scheduled type choose - run immediately.
4. Wake up agents.
- In ePO, menu, system --- system tree, select only the problematic tagged PCs, and choose actions - agent - wake up agent.
5. Check if VSE is removed
- You can do another wake up agents in 5 mins to see/check if VSE is removed, or you can manually RDP to one of the machines.
6. Create a task for DEPLOY VSE
- It's the same as step 3; instead of removing VSE, you choose install.
- After creating and assigning the task, wake up agents.
7. If everything is fine you can clear this tag from the problematic PCs.
Another possible solution (seemed to work on one machine but not fully tested)
1. Find a machine that hasn't been updated, for example one still on DAT 6806
2. Copy avvclean.dat, avvnames.dat and avvscan.dat from C:\Program Files\Common Files\McAfee\Engine on said computer
3. Stop McAfee services on problematic computer (FrameWork Service and McAfee Service)
4. Replace files with the ones just copied
5. Restart McAfee services and run an update
My solution has now worked on three machines I've tried it on.
Rolling back the DAT and then updating allows the On-Access scanner to start.
Copying files on 1000+ computers can be a little bit more difficult and a longer procedure than remove & deploy?
Good solution for a few machines, thanks for sharing.
Also handy for machines at the end of low bandwidth WANs.
I've got 50 machines at the end of 256Kb WAN links with the issue, redeploying VSE during working hours really isn't an option.
Message was edited by: Tristan on 20/08/12 11:37:29 IST
Hi
I have the same problem on about 170 computers.
I use ePO version 4.0 and can't reproduce the tasks stated in post 11.
Could anyone translate it to my version? I can't find the option to schedule a task removing VS just for tagged systems and don't want to wipe all VS in the company by making a mistake.
TAGs aren't available in ePO 4; they were introduced in 4.5, I believe.
Your best bet is to create a new group in your system tree, manually move the affected machines into the group and apply the tasks to only that group.
I have tags but can't use them to deploy, I think.
Anyway, I can't find any computer with older defs, but have some with newer.
Is it possible to use DAT version 6809 files to replace?
PS. I noticed that the number of computers with DAT and version number 0.000 is dropping:
from the initial 170 pieces I now have 120, and dropping with no action taken.
Message was edited by: piosk on 8/20/12 7:57:33 AM CDT