
ePO to collect Endpoint On Demand Scan Activity Log

Normally I manually issue a client task to the Endpoint to perform an On Demand Full Scan when any suspicious threat is detected. The On Demand Full Scan runs and writes a detailed log to the Endpoint local hard drive at C:\ProgramData\McAfee\Endpoint Security\Logs, and the ePO Threat Event shows one scanning result without details. Please advise how I can grab or export the log from the Endpoint to ePO for audit purposes.
9 Replies
McAfee Employee
Message 2 of 10

Re: ePO to collect Endpoint On Demand Scan Activity Log

Hi Ting_Chung,

Are you looking for ENS logs to be exported via ePO, or do you just want to export the On-Demand Scan report from ePO? If that is what you are looking for, then the article below suits your requirement.

https://kc.mcafee.com/corporate/index?page=content&id=KB69428


Re: ePO to collect Endpoint On Demand Scan Activity Log

Maybe let me transform the question: after the Endpoint has performed an On Demand Scan, where in ePO can I get the detailed log that has the same content as the Endpoint local file C:\ProgramData\McAfee\Endpoint Security\Logs\OnDemandScan_Activity.log?

McAfee Employee
Message 4 of 10

Re: ePO to collect Endpoint On Demand Scan Activity Log

Unfortunately we cannot grab Endpoint logs from EPO.

McAfee Employee
Message 5 of 10

Re: ePO to collect Endpoint On Demand Scan Activity Log

Hi @Ting_Chung,

The Answer would be a no here. ePO can only handle "Events" and not "Logs" from the endpoints.

Scan Started and Scan Completion are events, whereas the number of files scanned and the scan duration all come under the log file, which cannot be pulled to ePO. I sincerely hope this helps.


Thanks and regards,
Adithyan T
McAfee Employee
Message 6 of 10

Re: ePO to collect Endpoint On Demand Scan Activity Log

guys,

Would this be helpful here?

The second KB discusses how to set up a report in ePO; the first offers a list of event IDs that can be used in the report created!

Event IDs generated by Endpoint Security for Linux Threat Prevention
Technical Articles ID: KB88351

How to create an ePolicy Orchestrator report for Endpoint Security reporting Event ID: 1203 (on-demand scans)
Technical Articles ID: KB87752

 



Re: ePO to collect Endpoint On Demand Scan Activity Log

Thanks for all the replies and comments!

@Hawkmoon I tried to follow the KB87752 suggestion, but this gives only the same overall On-Demand Scan result, not something similar to the local log file (OnDemandScan_Activity.log), which shows details such as how many files were scanned / not scanned / deleted / cleaned etc.

The reason is that we are required to capture this info to support our internal audit progress, so we need these details instead of the summary.

McAfee Employee
Message 8 of 10

Re: ePO to collect Endpoint On Demand Scan Activity Log

I am afraid this is going to be a PER. ePO pulls only the Scan Started/Completed/Aborted messages as events. It does not capture the number of files scanned/deleted and other stuff.

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

McAfee Employee
Message 9 of 10

Re: ePO to collect Endpoint On Demand Scan Activity Log

AdithyanT is correct, there is no way to get the full log data via ePO. I suppose you could possibly use EEDK to script out something to copy files to a shared location, but that isn't a feature ePO can do on its own. You can submit an idea for it if desired. See KB60021.


McAfee Employee
Message 10 of 10

Re: ePO to collect Endpoint On Demand Scan Activity Log

Check this article on GitHub.

https://github.com/bmarandel/Collect-Files-Via-McAfee-ePO

Regards,

Ben.
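
The thread's suggestion of scripting a copy of the log files to a shared location could look like the following for the audit use case. This is an added example, not code from any poster, from McAfee, or from the linked GitHub project; the share path and the wildcard for rotated logs are hypothetical assumptions, and packaging it for deployment from ePO is not shown.

```powershell
# Added example: collect ENS On-Demand Scan activity logs to a share for audit,
# with a SHA-256 manifest so the collected copies can be verified later.
# Assumptions: $ShareRoot is a hypothetical UNC path; the wildcard in $Pattern
# (to pick up rotated logs) is a guess, not a documented naming rule.
param(
    [string]$LogDir    = 'C:\ProgramData\McAfee\Endpoint Security\Logs',
    [string]$Pattern   = 'OnDemandScan_Activity*.log',
    [string]$ShareRoot = '\\fileserver.example.local\ens-audit$'
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$files = @(Get-ChildItem -Path $LogDir -Filter $Pattern -File)
if ($files.Count -eq 0) {
    Write-Warning "No files matching $Pattern in $LogDir"
    exit 1
}

# One folder per host and per collection run, so earlier evidence is never overwritten.
$stamp   = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ')
$destDir = Join-Path (Join-Path $ShareRoot $env:COMPUTERNAME) $stamp
New-Item -ItemType Directory -Path $destDir -Force | Out-Null

$manifest = @(foreach ($file in $files) {
    $srcHash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    $dest    = Join-Path $destDir $file.Name
    Copy-Item -Path $file.FullName -Destination $dest
    $dstHash = (Get-FileHash -Path $dest -Algorithm SHA256).Hash

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        File         = $file.Name
        Bytes        = $file.Length
        LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        SHA256       = $dstHash
        # False means the source changed while it was being copied (for example
        # a scan still writing to it) or the copy is damaged; collect again.
        Verified     = ($srcHash -eq $dstHash)
    }
})

$manifest | Export-Csv -Path (Join-Path $destDir 'manifest.csv') -NoTypeInformation

# Non-zero exit code lets the deploying task report an incomplete collection.
if (@($manifest | Where-Object { -not $_.Verified }).Count -gt 0) { exit 2 }
exit 0
```

Give endpoints create/write-only rights on the share so one host cannot read or alter another host's collected logs, and keep the manifests where auditors, not endpoints, control them.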
