9 Replies Latest reply on Dec 4, 2009 10:14 AM by micks_84

    Virus Scan Table in EPO database?

      Hi, I am using ePO 4.5 with Virus Scan 8.7i and I have successfully deployed the clients.

      I have SQL Management Studio Express and I was looking for the table which logs all the virus scan events. I noticed that there were separate tables for all the other McAfee devices like HIPS, PA but not for Virus Scan???

      Although I did find a few events in the dbo.EPOEvents table but I am looking for more comprehensive logs for the Virus Scan.

        • 1. Re: Virus Scan Table in EPO database?
          JoeBidgood

          Hi...

           

          What sort of things are you looking for? VSE only reports certain things back to ePO, so it may well be that what you're after is not in the database.

           

          Regards -

           

          Joe

          • 2. Re: Virus Scan Table in EPO database?

            dbo.EPOEvents is the correct table for all VSE generated events. As Joe said, what exactly are you looking for? Make sure the events you want are not being filtered (under 'Server Settings >> Event Filtering'). Let us know what you're looking for and we may be able to help. In many situations to find the information you want you'll need to combine data from a few different tables...

             

            Andrew

            • 3. Re: Virus Scan Table in EPO database?

              Hey,

               

              I am looking for all the VSE 8.7 events. The Events table lists them and, as Andrew suggested, I went to the server settings->event filters and only a few events are selected in that. It has the option of selecting all the events. But I want to know if there is an event ID range which is pertinent to only VSE.

              I found this list which claims that it has all the VSE events, can you please confirm if these are the only VSE events or if there are more?

               

              https://kc.mcafee.com/corporate/index?page=content&id=KB52417&pmv=print

               

              Thanks,

              Micks

               

               

              Message was edited by: micks_84 on 12/3/09 11:55 AM
              • 4. Re: Virus Scan Table in EPO database?
                GWIRT

                This is a complete list.

                • 5. Re: Virus Scan Table in EPO database?

                  This list is not complete for sure. When you look at all the events in the event filter there are a lot of other events there which are pertinent to VSE but I am not able to get a complete list documented anywhere.

                   

                  Also in the EPOEventFilterDesc there is this column called description which has

                   

                  On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

                   

                  I am just looking for the table which has all these %----% values, and a complete list of VSE events alone.

                  • 6. Re: Virus Scan Table in EPO database?
                    GWIRT

                    Be aware that a number of these events look like they can apply to VSE but are actually for other products (e.g. GSE, GSD, LinuxShield, etc.). I would suggest opening a thread in the VSE community to see if they may be able to confirm this information.

                    • 7. Re: Virus Scan Table in EPO database?

                      Also in the EPOEventFilterDesc there is this column called description which has

                       

                      On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

                       

                      Can you tell me where these values are stored???

                       

                      I have posted a thread in the VSE section to confirm if the link I posted consists of all the VSE events, no replies yet though..

                       

                      Thanks,

                      Micks

                      • 8. Re: Virus Scan Table in EPO database?
                        JoeBidgood

                        micks_84 wrote:

                         

                        Also in the EPOEventFilterDesc there is this column called description which has

                         

                        On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

                         

                        Can you tell me where these values are stored???

                         

                        I'm not sure what you mean by "these values" - do you mean the variables? If so, then these are stored as part of the event itself.

                        Again, can I ask what it is you're trying to achieve? If we had a better idea of what you want to do we may be able to help better...

                         

                        I have posted a thread in the VSE section to confirm if the link I posted consists of all the VSE events, no replies yet though..

                         

                        Certainly as far as we know that list is definitive: it was written by the VSE team, and I'm not aware of any updates to it.

                         

                        Regards -

                         

                        Joe

                         

                         

                        As Greg said, that list is a complete list of VSE events.

                        • 9. Re: Virus Scan Table in EPO database?

                          Hi Joe,

                           

                          I am trying to find all the VSE events somewhere in the database.

                           

                          I am using the EPOEvents table along with the EPOEventFilterDesc to make a query which lists all the VSE events. These 2 tables are good but I am not able to find the values to the variables in the description field:

                           

                          So here is the Problem:-

                           

                          For event ID 1203 - On demand scan completion, in the table eventsfilterdesc, the description field is:

                           

                          On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.

                           

                          Where can I find the values for %NUMVIRS%, %NUMCLEANED%, %NUMDELETED% etc.?

                          Like when you mentioned they are stored as a part of the event itself. Where is that? It does go in the Windows event log viewer.. but it has to be stored somewhere in the database as well, right?

                           

                          Also for example when you look at this event 1032 :-

                           

                          The file %FILENAME% contains the %VIRUSNAME% %VIRUSTYPE%. The detection was moved to quarantine area. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.

                           

                          The variable fields are stored in the events table itself and I was able to find them but I haven't been lucky to find the values for the former.

                           

                          I hope this makes sense

                           

                          Thanks,

                          Micks
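
The lookup described in the last post, as an added example that is not from any poster in this thread and is not McAfee's code: it joins event rows to their description templates and reports which `%…%` placeholders have no stored value to substitute. It runs against an in-memory SQLite stand-in rather than the ePO SQL Server database; the column names, the placeholder-to-column mapping and the sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

PLACEHOLDER = re.compile(r"%([A-Z]+)%")

# Assumed placeholder -> EPOEvents column mapping; confirm against your own schema.
ASSUMED_COLUMNS = {
    "FILENAME": "TargetFileName", "VIRUSNAME": "ThreatName",
    "VIRUSTYPE": "ThreatType", "ENGINEVERSION": "AnalyzerEngineVersion",
    "DATVERSION": "AnalyzerDATVersion",
}
# Description templates as quoted in the thread for events 1032 and 1203.
T1032 = ("The file %FILENAME% contains the %VIRUSNAME% %VIRUSTYPE%. The detection "
         "was moved to quarantine area. Detected using Scan engine version "
         "%ENGINEVERSION% DAT version %DATVERSION%.")
T1203 = ("On Demand scan complete. Detections %NUMVIRS%, Cleaned %NUMCLEANED%, "
         "Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version "
         "%ENGINEVERSION% DAT version %DATVERSION%.")

def build_sample_db():
    """In-memory stand-in for the two tables, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE EPOEventFilterDesc (EventId INTEGER, Description TEXT);
        CREATE TABLE EPOEvents (AutoID INTEGER PRIMARY KEY, ThreatEventID INTEGER,
            TargetFileName TEXT, ThreatName TEXT, ThreatType TEXT,
            AnalyzerEngineVersion TEXT, AnalyzerDATVersion TEXT);""")
    db.executemany("INSERT INTO EPOEventFilterDesc VALUES (?, ?)",
                   [(1032, T1032), (1203, T1203)])
    db.executemany("INSERT INTO EPOEvents VALUES (?, ?, ?, ?, ?, ?, ?)", [
        (1, 1032, r"C:\temp\eicar.com", "EICAR test file", "test", "5400.1158", "5820.0000"),
        (2, 1203, None, None, None, "5400.1158", "5820.0000")])
    return db

def render_events(db):
    """Return (event id, expanded text, unresolved placeholders) per event row."""
    rows = db.execute("""SELECT e.*, d.Description FROM EPOEvents e
        JOIN EPOEventFilterDesc d ON d.EventId = e.ThreatEventID ORDER BY e.AutoID""")
    results = []
    for row in rows:
        unresolved = []
        def fill(match, row=row, unresolved=unresolved):
            column = ASSUMED_COLUMNS.get(match.group(1))
            if column is None or row[column] is None:
                unresolved.append(match.group(1))  # no stored value found
                return match.group(0)              # leave the placeholder visible
            return str(row[column])
        results.append((row["ThreatEventID"], PLACEHOLDER.sub(fill, row["Description"]), unresolved))
    return results
```

With the constructed rows, the 1032 template expands fully, while the 1203 result lists the four count placeholders as unresolved.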