This content has been marked as final. Show 4 replies
Little more info.
Upon looking through the group scan log, I'm seeing a few entries that say "error fixing orphan : [db020001] Unable to update attribute"
It looks like the machines that actually show up in the Orphans group are the machines that are fixed after the error occurs. None of the machines that were "fixed" before the last error are showing up.
Looking for more info about this too.
In our company we started using this software, but some devices are not showing in the manager. We trying to update via Group Scan, all devices that were already there are gone. They are not totally gone, because when we try to add a machine by the same name, it states that it already exists. What to do?
delete the name cache, restart the server, and make sure you are not using sbfiledb.dll v5.1.9 anywhere.
Most orphans, and failed orphan recoveries come from a DB where the server is too slow to keep up with the workload, which is either because it's basically underpowered, or because it's not been through performance tuning. SAN connections are especially bad because, as security guys, you probably have very little say in how fast the connection is (most people struggle to get the infrastructure team to give them a TierI connection).
First off, call support. Anything I can tell you is at face-value, and should not be considered as coming from McAfee. As always, test any and all changes to your environement before implementing them in Production.
-- Check your AV exclusions. We had to exclude the SBData folder from On-Acess scanning.
-- Assign low-risk processes. We had to declare several EEPC processes as low-risk processes so they weren't scanned when run. The important one I believe was SBDBServer.exe.
-- Check your versions. We found we had multiple versions across some files as a result of incorrect upgrade procedures. The way we found out was by checking the about page, and then checking System tab-->Endpoint Encryption Server Groups --> SafeBoot Server--> Get Status. We found that the about page and the get status showed different versions, which then led us to look at the actual modules installed.