We have applied high restrictions. All new executables are blocked. Every TMP file is blocked. GSE has detections a few times per minute, and much much more... Everything was 95% working with company internal policy. I rebuilt this server in DEC 08 & I didn't have to touch it. Daily routine was checking if servers, workstations, pat terminals, tills and... are updated. When I had a report about any infections I did a manual scan with NOD32 & KASPERSKY - that's our security policy.
Patch4 made a big mess on the server. I would be more than happy to downgrade back but I cannot find the procedure. I don't want to make more problems than I made by installing patch4.
Solution: I restored the server to the point before the P4 update. I made DAT updates and the server is up and running. I see that the fault is somewhere in P4 😄 The faulty folder is C:\Program Files\McAfee\ePolicy Orchestrator\DB\Events. I see that after every event happens there is a small file created and after a few seconds that file disappears. P4 didn't delete these files and after a few hours I had over 1Gb of 1-120kb files.
We've been running EPO4P4 for a couple of months now - no problems with it whatsoever. To be honest it wasn't a big release, mostly just a few well needed nice-to-have fixes (drilling down N/A entries, UK English now being available etc).
I've been running patch 4 since it came out and while it looked good at first, bugs have started to come out and now it feels worse than before... It fixed some ~50 bugs or so but it also introduced some bugs and didn't address all that were reported prior to its release.
One area of particular failure is in regard to the filter for the systems. The filter is now ignored on agent deployment and table export, amongst many other scenarios. This has been reported and will (should) be addressed in P5...
Please verify what type of events you send from clients to server --> Server settings --> events --> should NOT be ALL events, especially "scan time out"
In addition, if you have too many events in this folder, it may indicate that the number of connections from the ePO server to the database exceeds 254 (Tomcat limitation) and SQL 2000. I sorted a similar issue by moving the DB to SQL 2005.
I am new to McAfee and the whole EPO suite. I am trying to install patch 4 and every time I try to install I get "the installation was interrupted". I noticed in the release notes it says you should have patch 1, 2, 3 installed. Are they mandatory for the installation and also is there a way to see what patches I have applied? Sorry for such newbie questions, it's just I am at my wits' end with this software and I am stumped and the logs don't help (me) much.