6 Replies Latest reply on Feb 9, 2010 2:57 AM by rackroyd

    epo5.4 server OU

      No clent tasks assigned to this group, yet Mcafee still installed the agent on them.  These servers DO NOT access the internet whatoserver so there is no need to have an agent on them.  I don't remember them ever having the agent installed in 4.0 but I also could be wrong.


      Is this typical behavior for EPO?  I have always manually installed the mcafee agent and had tasks setup to install VSE on workstations and workstations ONLY.

      Can someone enlighten me?



      Message was edited by: drewdown on 2/8/10 10:31:15 AM GMT-05:00
        • 1. Re: epo5.4 server OU



          Just checking - Are you sure the agents in question came from ePO ?

          Even when running as stand-alone a machine with VirusScan Enterprise will still have an Agent, and use it for updating.


          The agent is not exclusively for ePO management.



          • 2. Re: epo5.4 server OU

            Yes I am sure.


            They were not manually installed,  The boxes were formatted and fresh install of win2003/2008 so no OEM add-on either.  Adn the machines DO NOT have virusscan because their is no task assigned to install it.  They just have the mcafee agent and thats it.


            I guess EPO installs the agent on its own for every machine that is synced via AD?

            • 3. Re: epo5.4 server OU

              I guess EPO installs the agent on its own for every machine that is synced via AD?



              Not by default, but you can configure it to do so in the Sunchronization Settings page for the group - there is a Push Agent section that controls this. Do you have that configured by any chance?

              Alternatively, do you have RSD set up to push agents? That can do it...


              Regards -



              • 4. Re: epo5.4 server OU



                Just making sure


                The AD synch itself does not deploy an agent, it just adds a placeholder in the ePO system tree for the machines discovered.

                The decision to deploy an agent is configured by group (group details tab) in the system tree under the 'Synchronisation Type' setting..


                if AD has been chosen in there you'll see a tickbox for 'push agents to new systems when they are discovered.'

                This is what controls the push of agents after an AD synch.


                Of course once placed in the system tree, these machines will still be subject to any deployment tasks configured, or potentially be discovered as rogue systems regardless if you use rogue system detection.


                Hope that helps you narrow down the cause.



                • 5. Re: epo5.4 server OU

                  Thats what it was, at the top level it was set to deploy agents as they are discovered.  Obvioulsy that filtered down to the my server OU.


                  I had it set that way to sync for all workstations on my domain.  If I want it only on the workstations I need to sync eavh group accordingly?

                  Makes sense now.

                  • 6. Re: epo5.4 server OU

                    Yep, that is configurable by group at any group level.