
ePO missing threats from managed clients. How to force upload from client to ePO?

Hello,

I have ePO 4.5.0 and the clients are running VirusScan 8.7.

All updates and policies appear to be working OK.

If I search in ePO for threats I get only a subset of the threats detected by the clients (or maybe I am just receiving the threats info from some of the managed systems).

If I go into the managed system and check the log (OnDemandScanLog.txt) I see that the local agent has detected and cleaned several viruses.

It seems this information is not being sent in to ePO.

Btw, the query I use returns threat events reported from managed systems by IP address (of the managed system).

Questions:

Where do I configure the sending of threat events to ePO in the client policies (maybe I configured it wrongly)?

How can I force the client to upload all threat events into ePO?

After the events are uploaded to ePO, are they available right away or does it take some time to process (like some hours)?

TIA,

fsanches

3 Replies
Karel
Level 7
Message 2 of 4

Re: ePO missing threats from managed clients. How to force upload from client to ePO?

I also have a similar issue.

My agent is saying it uploaded the events to the ePO 4.5 server.

However, when I build a query to get the latest threats, I have no results returned.

I used the EICAR file to test it but still have no luck. I even pressed the button to send the events to the server and, like I said, the agent replies that it is sending the events, but nothing comes into my ePO.

Is there something wrong?

McAfee Employee
Message 3 of 4

Re: ePO missing threats from managed clients. How to force upload from client to ePO?

Make sure that you have checked in the latest VSE report extension - it is this extension that installs the event handler that ePO uses to interpret VSE events.

If there's still a problem, check the eventparser log on the server - if there is a problem processing events it'll be there.

Regards -

Joe

Karel
Level 7
Message 4 of 4

Re: ePO missing threats from managed clients. How to force upload from client to ePO?

Hello,

Well, as you said, I checked the VSE RP version and it was the latest version.

I checked the eventparser.log and saw nothing in there, which I found strange, so I just restarted the services, which did the trick.

All events are streaming into my ePO now, so it looks as if it is solved.

Thanks for the info

Message was edited by: Karel on 5/19/10 2:43:18 PM CEST