I keep a group at top level of the organisation with scan immediate set and all other tasks disabled, drop them in there and then wake up that group.
Assuming you are collecting that event ID and reporting that level of event to epo you can throw up a report on whether its completed or not.
Check your event filtering for the event and the agent policy for the events reported level to make sure you can see it.
Thanks Tony -- took a call to McAfee to fully assimilate your answer (I wasn't aware of the event filtering page -- turns out events 1202 and 1203 aren't enabled by default, and that's what I needed.
I have adopted a "scan after hours" subgroup off each of my mains and a scan immediate subgroup off the top level and put a full scan task in there, and that really works a treat -- thanks for pointing me in that direction.
The only followon question I have is for an immediate task, how is that evaluated by the agent?
-For instance, how would it behave if I drop a host into the group with a scan immediate and I don't wake it up explicitly? Would that scan start the next time that host happens to check in based on its agent to server communication interval?
- Also, if an immediate scan is started and in progress on a host, and it's awakened again while in a scan immediate group, I assume it's smart enough not to start another scan until the original is finished?
- If you move a box out of a group with a scan immediate task in it, does that task get cancelled (I'm guessing no).
- If the box is shut down during a scan immediate, what happens next time it's power up? Will that scan run again from the beginning if run missed task is checked?
I haven't been able to find where this behavior is documented.