1 Reply Latest reply on Oct 31, 2017 6:49 PM by zaneta22

    Anyone here with MOVE 4.5 (non-agentless) installed?


      When you hit Check New Policies/Enforce Policies from the client with MOVE 4.5 installed, do you get anything in the logs showing path/processes exclusions?


      For example, in 3.6.x, we used to get the following from C:\Program Files (x86)\McAfee\MOVE AV Client\mvagent.log:


      U.2656.3820: Feb 21 2017:01:09:30.215:   SYSTEM: eppl_policies.cpp: 2105: sending exp cmd.

      U.1052.1928: Feb 21 2017:01:09:30.218:   SYSTEM: cmdi_process.c:  517: Command 'mvadm.exe exp set 3|11|*.bak 3|11|*.edb 3|11|*.evt 3|11|*.evtx 3|11|*.ldf 3|11|*.log' returned 0: No error

      U.2656.3820: Feb 21 2017:01:09:30.218:   SYSTEM: eppl_policies.cpp: 2105: sending pp cmd.

      U.1052.0600: Feb 21 2017:01:09:30.220:   SYSTEM: cmdi_process.c:  517: Command 'mvadm.exe pp set C:\Windows\ccm\ccmexec.exe C:\Windows\system32\mssdmn.exe' returned 0: No error


      Do you still get this info with 4.5?


      I updated a couple of servers with 4.5 and have an impression that I don't get any MOVE policies from ePO -- they all report to ePO just fine, dropping eicar works too, same for SVM assignment, but I see no traces of path/processes exclusions in the logs.


      Instead, I get:


      U.160528.155444: Apr 21 2017:13:53:14.599:   ERROR: mvmsgbus_context.cpp:   29: MvMsgBus - Module: mvmsgbus Message: Failed to get the policy, error <1601>