Showing results for 
Search instead for 
Did you mean: 

ePOwerShell Module

Months ago I started writing a Powershell Module for the ePO Web API, named "ePOwerShell". My goal was to implement the few CMDLets I had in mind, but unfortunately I was not able to finish the code and publish the module. Today I dug up the source code and I'm thinking of continuing the project. I use Powershell alost daily and I use this module to apply tags to systems I get from our asset database. It's still in pre-alpha stage, but if the community is interested I might consider publishing it.

The few CMDLets I have implemented:

  • Connect-EpoServer
    Connect to the McAfee ePO server and cache the connection object for later use.
  • Get-EpoSystem
    Find systems in the ePO tree by name, IP address, MAC address, user name, agent GUID or tag. This Cmdlet impleme the "system.find" web api call.
  • Get-EpoTag
    Get tags available in ePO or tags assigned to system. This Cmdlet implements the "system.findTag" web api call.
  • Add-EpoTag
    Apply one or more tags to a system. This Cmdlet implements the "system.applyTag" web api call.
  • Clear-EpoTag
    Clear one or more tags from a system. This Cmdlet implements the "system.clearTag" web api call.
  • Get-EpoQuery
    Get all available queries from ePO. This Cmdlet implements the "core.listQueries" web api call.
  • Invoke-EpoQuery
    Execute an ePO query. This Cmdlet implements the "core.executeQuery" web api call.

And this is what it looks like in Powershell:

  • Getting system info
  • Applying tags to a system
  • Listing queries

  • Running a query (boolean pie chart)

The following CMDLets were/are on the list to be implemented:

  • Send-EpoAgentWakeupCall
  • Get-EpoServerTask
    • Start-EpoServerTask
    • Stop-EpoServerTask
    • Enable-EpoServerTask
    • Disable-EpoServerTask
  • Get-EpoPermissionSet
  • Get-EpoUser
  • New-EpoUser (accept input from Get-ADUser)
  • Remove-EpoUser
  • Update-EpoUser (accept input from Get-EpoPermissionSet)
  • Enable-EpoUser
  • Disable-EpoUser

What I want to know from the community is:

  1. Would you be interested in such a module?
  2. What functions are missing?
  3. What functions would be "nice to have"?

All feedback is appreciated!

Message was edited by: mischaboender on 8/25/12 3:55:36 PM CDT
13 Replies
Level 9
Report Inappropriate Content
Message 2 of 14

Re: ePOwerShell Module


Good to hear you're working on it again!

Maybe you can think of commands of waking up agents, forcing policy refresh on agents etc.

I'm thinking of automatic reactions based on SCOM monitoring, which I know you are using .

Of course those actions are general an can be used in other monitoring solutions as well.

I haven't worked with the Web APi much, so I don't know if those actions are really possible...


Re: ePOwerShell Module

Already working on a "Send-EpoAgentWakeup" cmdlet, but I'm not sure jet what to return.

I've been playing with agent wakeups through the api, but it doesnt just send the call, it will also wait for the task to finish. This causes a HTTP time out most of the times (even with max time out set to 1 minute). I forced an expiration during an agent wakeup call and it took almost 4 minutes to expire. Most of the times you don't want to wait that long before getting results from a c'mdlet.

And if I don't get a time-out, I only get the amount of completed, failed and expired wakeups. There is also no server task that I can watch before I return results. So there is no way of returning systems that did, or did not wake up. I could return the amount of completed wakeups, but that could take a lot of time (in case of expired wakups) and I don't think the info is very usefull.

Maybe I can make a "SecondsToWait" parameter, return the epo system objects after that amount of time, and add a boolean property to the objects that is "true" when the last communiction is within "SecondsToWait" from now.

Level 7
Report Inappropriate Content
Message 4 of 14

Re: ePOwerShell Module

This sounds very interesting, I have been looking for a solution to use powershell for running epo queries. Hope you will publish it someday.

Re: ePOwerShell Module

I'm trying to get it out before the Focus 2012 event. Running ePO queries will be in the release!

Got some new ideas I want to incorporate into the code that allows custom formatting of the returned objects.

Re: ePOwerShell Module

Returning customized object types works! This allows for formatting the returned objects per cmdlet.

Got Send-EpoAgentWakeupCall working, but I still have to spice up the returned results. Working on the ability to wake up whole groups of systems (Get-EpoGroup | Send-EpoAgentWakeupCall). Also implemented Get-EpoClientTask and Invoke-EpoClientTask.

Re: ePOwerShell Module

Here some examples of how to use the cmdlets that I have implemented until now:

System related:

Get-EpoSystem "MyComputer" | Add-EpoTag "MyTag1", "MyTag2"

Get-EpoSystem "MyComputer" | Clear-EpoTag "MyTag3"

Get-EpoSystem "MyComputer" | Send-EpoAgentWakeupCall -ForceFullPolicyUpdate

Get-EpoClientTask "Update VirusScanner" | Invoke-ClientTask -ComputerName "MyComp1", "MyComp2"

Group related:

Get-EpoGroup "Test Group" | Get-EpoSystem -SearchSubgroups

Get-EpoGroup "Test Group" | Send-EpoAgentWakeupCall -IncludeSubgroups -FullProperties

Server task related:

Get-EpoServerTask -History -TaskID 1234567 | Get-EpoServerTaskLogMessage

Get-EpoServerTask -History -TaskID 7654321 | Get-EpoServerTaskSubTask

Get-EpoServerTask -Running | ?{$_.taskName -match "Replicate Repository"} | Stop-EpoServerTask

Get-EpoServerTask "AD Sync" | Start-EpoServerTask

Query related:

Get-EpoQuery | ?{$_.Name -eq "My ePO Query"} | Invoke-EpoQuery

Get-EpoQuery | ?{$_.Name -eq "List of systems"} | Invoke-EpoQuery | Send-EpoAgentWakeupCall

Level 7
Report Inappropriate Content
Message 8 of 14

Re: ePOwerShell Module

I'd be very interested in seeing what you've accomplished thus far.  Further, if you have a roadmap of exactly what you want to implement I'd be more than happy to assist.  


Re: ePOwerShell Module

ePOwerShell (version 0.1 pre-Alpha preview ) is publsihed!

You can find it here:

Level 7
Report Inappropriate Content
Message 10 of 14

Re: ePOwerShell Module

I've got a few functions that I'll wrap up to make look like your code that I'll shoot your way (EEPC related.)   Thanks for sharing!

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator