ePO 4.5 - server task doesn't work as expected


I created a query that returns all of the IP addresses of hosts that fit two criteria: they are rogues and they are Windows.  I then created a task that runs that query and then performs an agent install.  The query runs fine but only runs on 49 hosts.  Those hosts happen to be the only ones that ePO has identified the hostnames for.  Since my query only returns the IP, I'm not even sure how this is possible, but it's doing it.

Anyone have any ideas where to look to resolve this?  I've disabled the task until I can figure out why it isn't working as expected.

Here's the SQL for the query:

select [RSDDetectedSystems].[IPV6], [RSDDetectedSystems].[HostID] from  [RSDDetectedSystems] where ( ( [RSDDetectedSystems].[Rogue] = 1 ) and (  [RSDDetectedSystems].[OSPlatform] = N'Windows' ) )

When I run the query it returns a table of IP addresses.

This is the server task:

Actions:

1.  Run Query
Query name: Detected Rogue Windows Systems, Language: English
1.1  Deploy McAfee Agent
Agent version: McAfee Agent for Windows 4.5.0 (Current)
Install only on systems that do not already have an agent managed by this ePO server: false
Force installation over existing version: true
Installation path: <PROGRAM_FILES_DIR>\McAfee\Common Framework
TN2010

Re: ePO 4.5 - server task doesn't work as expected


Hi.

Well, don't take this as the complete truth, because I am not 100% sure of it :-)

It seems to me, based on my testing with normal installations, that the ePO Agent installer will only install the agent to a computer name, not the IP address.

I have tried several times to get an Agent installed from the ePO console based on IP, but it seems that the IP I am adding is taken as a computer name, not an IP.

In regards to the table you are generating that contains IP addresses, I do not really think ePO cares about what properties you have on it. It seems to me that it will select the computer name property out of your query for further processing regardless of what you have selected.

If anyone else has any more info on this subject, feel free to step in and prove me wrong :-)

Thomas

Re: ePO 4.5 - server task doesn't work as expected


Pushing the ePO Agent manually from the ePO console also works when entering an IP address.

Why don't you use the directly implemented automated answer for a detected rogue system?

Re: ePO 4.5 - server task doesn't work as expected


metalhead wrote:

Pushing the ePO Agent manually from the ePO console also works when entering an IP address.

Why don't you use the directly implemented automated answer for a detected rogue system?

I don't know what you mean by "directly implemented automated answer".  What are you referring to?

Re: ePO 4.5 - server task doesn't work as expected


Hi pschmehl,

I am referring to "Menu -> Automation -> Automatic response -> New response".

Then select "Event group=Rogue System Events", "Event type=Rogue system detected".

As a filter I strongly suggest setting "Rogue=True and Managed=False and Exception=False and Inactive=False".

As aggregation, set "for every event".

Then as action set "Deploy McAfee Agent".

Cheers Tom

Message edited by metalhead on 01.11.10 17:47:47 CET

Re: ePO 4.5 - server task doesn't work as expected


Excellent!  Thanks a lot, metalhead.  Solved my problem.  I've been using ePO a long time, so I'm used to some of the old ways of doing things.  Hadn't even thought of Automatic Response as an option.

Re: ePO 4.5 - server task doesn't work as expected


No problem - and please keep in mind to set the filter correctly, as we experienced problems without it (ePO was then pushing the McAfee Agent to EVERY system detected by a sensor - and this at EVERY detection time!)