3 Replies Latest reply on Feb 11, 2010 5:21 AM by andreasw

    How to do a query for a hotfix with EPO 4.0

      Hello,

       

      in our 3000 client company I manage antivirus software with "McAfee ePolicy Orchestrator 4.0". At the moments clients have Agent 4.0 too, but I will go to Agent 4.5. Befor I do it, I have to distribute a compatibility Hotfix number 517265.

       

      My question is:

      Is it possible to do a query to see, how often the patch is distribute? I have many queries with Epo Version, Epo Patchlevel, but I don't find a way for a query for a hotfix.

       

      Please help me.

        • 1. Re: How to do a query for a hotfix with EPO 4.0
          SamSwift

          moving this to ePO...

           

          Sam

          • 2. Re: How to do a query for a hotfix with EPO 4.0
            Sailendra Pamidi

            According to the hotfix release notes, it changes only three files:

             

            Files affected:

            FilenameVersion
            shstat.exe8.7.0.782
            shstat.dll8.7.0.782
            vstskmgr.exe8.7.0.787

             

            So the actual build for the rest of the product remains the same (patch 1 or 2) - this means there may not be a straight forward way of querying it from ePO 4.0.

             

            You can however do this using a System Compliance Profiler rule. To do this follow the steps below:

             

            On the ePO console, click Systems --> Policy Catalog.

            In the product drop down, select System Compliance Profiler 2.x.x

            Click New Policy

            In the Create a new policy window, type a name for the policy such as 'VSE HF517265 Check'

            Click Ok.

            In the Rules Window, Click Custom Rules

            Click Add Group - Give it any name

            Select that group under Custom Rules and click Add Rule

            Type a name for the rule in the 'Name of rule field' for e.g. 'Check for VSE HF517265'

            Uncheck all irrelevant Operating Systems such as windows 98, Windows ME etc

            In the Criteria field, make sure Match a file is selected

            In the File Path drop down select PROGRAM_FILES_DIR and complete the path to one of the three files listed above - for e.g. McAfee\VirusScan Enterprise

            In the File name field type shstat.exe

            Choose 'Version is greater than or equal to' from the drop down and type in the version listed above (e.g. 8.7.0.782 for shstat.exe)

             

            Save the policy

             

            If you have never used SCP before, you will need to ensure the SCP scanner is installed on the client systems as part of a deployment task.

            After this, ensure that a SCP scan client task is configured on the ePO system tree for all the systems.

            Now when the scp scanner runs the next time this rule is checked the results are sent to ePO.

             

            Using one of the existing SCP queries  (for e.g. SCP: Non Compliance Summary by Rule Group) you can get the list of systems that violate the rule (do not have the HF installed)

             

             

            Hope that helps....

             

            Regards,

            Sailendra

            1 of 1 people found this helpful
            • 3. Re: How to do a query for a hotfix with EPO 4.0

              Hello Sailendra Pamidi,

               

              many thanks for detailed answer.

              Until today we don't use and don't have installed System Compliance Profiler on clients. But I have installed SCP on a test machine about your instruction and I created a SCP Scan Task (in the 2nd step configuration I can read: "No additional settings for SCP Scan Task"). I hope, it is so right.

              Furthermore I edited Policy Catalog and added a query for the hotfix according your instruction. The SCP Scan Task is worked on a test machine (run and wake up agent) . So far I had no problems.

               

              My problem is to know, how I can do a query for hotfix or general query with patch level. Through the standard queries I don't get an answer.

               

              Can you give me a anser?

               

              Regards

               

               

              Message was edited by: andreasw on 11/02/10 05:15:10 CST

               

               

              Message was edited by: andreasw on 11/02/10 05:21:44 CST