cancel
Showing results for 
Search instead for 
Did you mean: 

action taken = None

am runing some reports from EPO 4.5 and some of the catched virus cleaned, delete or block. but another thing appears in the action taken whic is NONE. what is that mean? and where i can change the action taken In EPO when virus detected.

Thank you.

9 Replies
bakerrl
Level 11
Report Inappropriate Content
Message 2 of 10

Re: action taken = None

How to set primary and secondary actions that need to take place on discovery of a virus

https://kc.mcafee.com/corporate/index?page=content&id=KB52961&actp=search&viewlocale=en_US&searchid=...

Scheduled On-Demand Scans do not prompt the user for action

https://kc.mcafee.com/corporate/index?page=content&id=KB52688&actp=search&viewlocale=en_US&searchid=...

Highlighted

Re: action taken = None

Thanks Bakerrl,

Very good info, just some clarifications, as i understood,

On -Demand Scan is a scheduled scan done by the user. correct?

On -Access scaner is a real time scan by Mcafee. correct?

For on demand scan, i have configured an actions through EPO  (clean then delete) but still in my reports i can see action taken is NONE so is that mean i need to configure the On -access scaner action taken also, maybe the action taken (NONE) which appears in the report  is derived from the access scanner action taken? if i was correct, how can i do it from EPO?

Thanks again for the help.

Message was edited by: hotelcalefornia on 12/4/11 2:01:52 AM CST

Message was edited by: hotelcalefornia on 12/5/11 3:48:25 AM CST
bakerrl
Level 11
Report Inappropriate Content
Message 4 of 10

Re: action taken = None

On-Demand Scan can be scheduled or run manually.

On-Access is scanning all the time.

You set your On-Access scan policies in the same general area.

Re: action taken = None

Hi,

I searched and found On Four categories for on access scan policy: Mcafee.bmp

I believe, i must set the action taken on all of them the to monitor if the action taken =NONe result back again. correct?

Regards,

bakerrl
Level 11
Report Inappropriate Content
Message 6 of 10

Re: action taken = None

If you are using different policies for default, low and high-risk policies.

Re: action taken = None

Hi - I'm having the same problem, I set an ODS and in order for me to see the results of that scan I created a threat events query, and filtered by the 'anylzer detection method'.  When I run this query, I get Deleted, Cleaned and None.  When drilling down into the table and an inividual system it shows 'found infected files' , and threat handled: 'true'??

Capture.JPG

Re: action taken = None

More update:

I have run a query report to catch all action taken = none and found alot of viruses with action taken none also some threats type are none and action taken is none:

untitled.bmp

bakerrl
Level 11
Report Inappropriate Content
Message 9 of 10

Re: action taken = None

Probably be best to contact support so you can get a better explanation on these.

Re: action taken = None

I've seen these before but for the life of me cannot remember the exact explaination. Seem to recall that the executable portion of the virus code was removed but the signature stamp is still present.

Don't quote me on that though, I'll see if I can find a definative answer

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center