6 Replies Latest reply on Nov 1, 2010 3:26 PM by metalhead

    ePO 4.5 - server task doesn't work as expected

    pschmehl

      I created a query that returns all of the IP addresses of hosts that fit two criteria; they are rogues and they are windows.  I then created a task that runs that query and then performs an agent install.  The query runs fine but only runs on 49 hosts.  Those hosts happen to be the only ones that ePO has identified the hostnames for.  Since my query only returns the IP, I'm not even sure how this is possible, but it's doing it.

       

      Anyone have any ideas where to look to resolve this?  I've disabled the task until I can figure out why it isn't working as expected.

       

      Here's the sql for the query:

       

      select [RSDDetectedSystems].[IPV6], [RSDDetectedSystems].[HostID] from  [RSDDetectedSystems] where ( ( [RSDDetectedSystems].[Rogue] = 1 ) and (  [RSDDetectedSystems].[OSPlatform] = N'Windows' ) )

       

      When I run the query it returns a table of IP addresses.

       

      This is the server task:

       

      Actions:

      1.  Run Query
      Query name:                                                 Detected Rogue Windows Systems ,                 Language:                                   English
      1.1  Deploy McAfee Agent
      Agent version:McAfee Agent for Windows 4.5.0 (Current)
      Install only on systems that do not already have an agent managed by this ePO serverfalse
      Force installation over existing versiontrue
      Installation path:<PROGRAM_FILES_DIR>\McAfee\Common Framework
        • 1. Re: ePO 4.5 - server task doesn't work as expected

          Hi.

          Well, don't take this as the complete truth, because i am not 100 % sure of it :-)

          It seems to me based on my testing with normal installations that the EPO Agent installer will only install the agent to a computername, not the IP adress.

          I have tried several times to get an Agent installed from the EPO console based on IP, but it seems that the ip i am adding is taken as a computer name not an ip.

           

          In regards to the table you are generating that contains ip adresses, i do not really think EPO cares about what properties you have on it. It seems to me that it will select the computer name property out of your query for further processing regardless of what you have selected.

           

          If anyone else have any more info on this subject, feel free to step in and proove me wrong :-)

           

           

          Thomas

          • 2. Re: ePO 4.5 - server task doesn't work as expected
            metalhead

            Pushing the ePO Agent manually from the epo console works also when entering an IP address.

             

            Why don´t you use the directly implemented automated answer for a detected rogue system ?

            • 3. Re: ePO 4.5 - server task doesn't work as expected
              pschmehl

              metalhead wrote:

               

              Pushing the ePO Agent manually from the epo console works also when entering an IP address.

               

              Why don´t you use the directly implemented automated answer for a detected rogue system ?

               

              I don't know what you mean by "directy implemented automated answer".  What are you referring to?

              • 4. Re: ePO 4.5 - server task doesn't work as expected
                metalhead

                Hi pschmehl,

                 

                I am referring to "Menue -> Automation -> Automatic response -> New response".

                 

                Then select "Event group=Rogue System Events", "Event type=Rogue system detected".

                As filter I strongly suggest to set "Rogue=True and Managed=False and Exception=False and Inactive=False".

                As aggregation set "for every event".

                 

                Then as action set "Deploy McAfee Agent".

                 

                Cheers Tom

                 

                 

                Nachricht geändert durch metalhead on 01.11.10 17:47:47 MEZ
                • 5. Re: ePO 4.5 - server task doesn't work as expected
                  pschmehl

                  Excellent!  Thanks a lot, metalhead.  Solved my problem.  I've been using ePO a long time, so I'm used to some of the old ways of doing things.  Hadn't even thought of Automatic Response as an option.

                  • 6. Re: ePO 4.5 - server task doesn't work as expected
                    metalhead

                    No problem - and please keep in mind to set the filter correct as we expierenced problems without it (ePO was then pushing the McAfee Agent to EVERY system detected by a sensor - and this at EVERY detection time !)