ePO 4.6 Detection Reporting

Hello,

We've started rolling out ePO 4.6 / Agent 4.6 / VS 8.8 to our customers. For the most part it has been pretty smooth. One thing we've noticed is that ePO isn't reporting activity in the "VSE: Threat Names Detected Per Week" or "Malware Detection History" reports in the dashboard. Before the upgrade to 4.6 we would at least see "Scan Timed Out" messages. There is nothing after the upgrade date. There are a couple situations where VirusScan found an infection on one of the workstations and that still doesn't show up in the dashboard. All the agents show up in the System Tree and show as up to date, so communication doesn't seem to be a problem.

Is there something else we need to do to make certain the workstations are correctly reporting their detection status?

McAfee Employee

Re: ePO 4.6 Detection Reporting

You need to make sure you have checked in the VSE 8.8 reporting extension if you haven't already done so: this is what allows ePO to understand VSE 8.8's events.

HTH -

Joe

Re: ePO 4.6 Detection Reporting

Yes, we do have the report extensions loaded that came packaged with the VSE880LML.zip. It shows version 1.2.0.136 for the VirusScan Enterprise Reports. Status is "Installed" and "Running".

hem

Re: ePO 4.6 Detection Reporting

I suggest you create an event with the EICAR test and follow the sequence.

1. Check whether the event is getting created or not (\Documents and settings\All Users\Application data\McAfee\Common framework\AgentEvents).

2. If yes, then please click Send Events in the Agent Monitor window.

3. Verify that the event has come to the ePO \DB\Events folder.

4. If it parsed successfully to the DB, then it should appear in the query result.

5. If not, then please look at the Event Parser log file to see why event parsing failed.

Re: ePO 4.6 Detection Reporting

We just did this test and it did make it through to the Dashboard. I guess it is working; it just made me nervous to have no activity showing. Does 4.6 no longer report on "Scan Timed Out"?

andrep1

Re: ePO 4.6 Detection Reporting

Your scan time outs might be filtered out. They would log locally but not be forwarded to the ePO server.

Check in Menu, Configuration, Server Settings, Event Filtering if event 1059 is checked.

Re: ePO 4.6 Detection Reporting

Looks like this was the cause. Upgrading from ePO 4.5 to 4.6 must set this event filtered because it was reporting scan time outs before the upgrade. Thanks.

Turns out the other workstation that had an infection, the agent was not reporting back to the ePO server correctly. After another rollout of the agent, that was fixed too.