cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Virus Scan Table in EPO database?

Hi I am using ePO 4.5 with Virus Scan 8.7i and i have succesfully deployed the clients.

I have sql management studio express and I was looking for the table which logs all the virus scan events. I noticed that there were seperate tables for all the other mcafee devices like HIPS, PA but not for Virus Scan???

Although I did find a few events in the dbo.EPOEvents table but I am looking for more comprehensive logs for the virus Scan..

9 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: Virus Scan Table in EPO database?

Hi...

What sort of things are you looking for? VSE only reports certain things back to ePO, so it may well be that what you're after is not in the database

Regards -

Joe

Highlighted

Re: Virus Scan Table in EPO database?

Hey,

I am looking for all the VSE 8.7 events. Events table lists them and as andrew suggested I went to the server settings->event filters  and only a few events are selected in that. It has the option of selecting all the events. But I want to know if there is a event Id range which is pertinent to only VSE.

I found this list which claims that it has all the VSE events, can you please confirm if these are the only VSE events or there are more.

https://kc.mcafee.com/corporate/index?page=content&id=KB52417&pmv=print

Thanks,

Micks

Message was edited by: micks_84 on 12/3/09 11:55 AM
Highlighted
Level 12
Report Inappropriate Content
Message 4 of 10

Re: Virus Scan Table in EPO database?

This is a complete list.

Highlighted

Re: Virus Scan Table in EPO database?

This list is not complete for sure. When you look at all the events in the event filter there are a lot of other events there which are pertinent to VSE but I am not able to get a complete list documented anywhere.

Also in the EPOEventFilterDesc there is this column called description which has

On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

I am just looking for the table which has all these %----% values. and a complete list of vse events alone.

Highlighted
Level 12
Report Inappropriate Content
Message 6 of 10

Re: Virus Scan Table in EPO database?

Be aware that a number of these events look like they can apply to VSE but are actually for other products (e.g. GSE, GSD, LinuxShield, etc.). I would suggest opening a thread in the VSE community to see if they may be able to confirm this information.

Highlighted

Re: Virus Scan Table in EPO database?

Also in the EPOEventFilterDesc there is this column called description which has

On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

Can you tell me where these values are stored???

I have posted a thread in the VSE section to confirm if the link  i posted consists of all the vse events, no replies yet though..

Thanks,

Micks

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: Virus Scan Table in EPO database?

micks_84 wrote:

Also in the EPOEventFilterDesc there is this column called description which has

On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

Can you tell me where these values are stored???

I'm not sure what you mean by "these values" - do you mean the variables? If so, then these are stored as part of the event itself.

Again, can I ask what it is you're trying to achieve? If we had a better idea of what you want to do we may be able to help better...

I have posted a thread in the VSE section to confirm if the link  i posted consists of all the vse events, no replies yet though..

Certainly as far as we know that list is definitive: it was written by the VSE team, and I'm not aware of any updates to it.

Regards -

Joe

As Greg said, that list is a complete list of VSE events

Highlighted

Re: Virus Scan Table in EPO database?

Hi Joe,

I am trying to find all the VSE events somewhere in the database.

I am using the EPOEvents table along with the EPOEventFilterDesc to make a query which lists all the VSE events. These 2 tables are good but I am not able to find the values to the variables in the description field:

So here is the Problem:-

For event ID 1203 -On demand scan completion, in the  table eventsfilterdesc, the description field is:

On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

Where can i find the values for %NUMVIRS%, %NUMCLEANED%,%NUMDELETED% etc.

Like when you mentioned they are stored as a part of the event itself. Where is that? It does go in the windows event log viewer.. but it has to be stored somewhere in the database as well right?

Also for example when you look at this event 1032 :-

The file %FILENAME% contains the %VIRUSNAME% %VIRUSTYPE%. The detection was moved to quarantine area. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.

The variable fields are stored in the events table itself and I was able to find them but I haven't been lucky to find the values for the former.

I hope this makes sense

Thanks,

Micks

Highlighted

Re: Virus Scan Table in EPO database?

dbo.EPOEvents is the correct table for all VSE generated events. As Joe said, what exactly are you looking for?  Make sure the events you want are not being filtered (under 'Server Settings >> Event Filtering'  Let us know what you're looking for and we may be able to help.  In many situations to find the information you want you'll need to combine data from a few different tables...

Andrew

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community