3 Replies Latest reply on Dec 6, 2010 3:46 PM by francoisb

    Stunning performance of ePO-MVT

    pschmehl

      Yesterday I created a new tag and some queries and tasks that do the following:

      Tag any 8.5 installs as non-compliant

      Tag any dats more than 7 versions old as non-compliant

      Tag any old agents (not 4.5.0.1719 or 4.5.0.1453)

      Remove non-compliant tags from all compliant machines (meaning the dats are within 7 versions of current)

      Run a client task that runs a remediation task on all machines with a non-compliant tag and forces a reboot within ten minutes if required.

       

      Yesterday I had almost 1200 non-compliant machines (meaning not 8.7i with 4.5.0.1719 agent and dats within 7 versions over the past month). Today I have 612! ePO-MVT has literally remediated almost half my problem machines automatically in the past 24 hours. I have gone from 62% compliance to 86% compliance in one day with no technician intervention required.

       

      Kudos to McAfee for an incredibly effective product.

       

       

      Message was edited by: pschmehl on 12/3/10 3:26:08 PM CST
        • 1. Re: Stunning performance of ePO-MVT

          pschmehl,

           

          I have a similar issue - many machines uncompliant (DAT out of date) - getting a report from epo every day. How did you manage to assign tags to machines with more than 7 days - which tag? When I go to the tag catalog I can only see criteria based on hardware (i.e. ip, cpu, disk space).

           

          In automation I can assign tag based on my report but again which tag would that be. Also, in automation I can run a query against my report but as "sub action" what is missing is "run a task" based on that outcome. Any help is welcome.

          • 2. Re: Stunning performance of ePO-MVT
            pschmehl

            It takes more than one step.

             

            1. Create a tag - I named it "Non-compliant systems"
            2. Create several queries (use Table). The reason you have to create several queries (McAfee, are you listening?) is because you can't do logical ORs in queries between different Available Properties - only within each property
              1. Systems with dats more than X number of versions old (I use 7)
              2. Systems with agents older than your current agent (IOW, Not Equal to your current version)
              3. Systems with old VSE versions installed (IOW, Not Equal to your current version)
              4. Systems with old scan engine versions (IOW, Not Equal to your current version)
            3. Create a server task that tags out of compliance versions  (Run each query and tag the results)
            4. Create a client task that runs ePO-MVT on systems tagged non-compliant on a scheduled basis - be sure to force a reboot if required

             

            Without doing anything else I am now down to 503 non-compliant systems.  So over 700 systems have been automagically remediated by ePO-MVT and are now up to date.
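
The tag-and-clear logic described in reply 2, as an added example that is not part of the original thread and is not McAfee code: each query is one predicate, the tag set is the union of the query results (the workaround for having no OR across properties), and tagged systems that match no query get the tag cleared. The CSV column names, version values and the rule that "compliant" means matching none of the four queries are assumptions made for this sketch.

```python
import csv
import io

# Constructed sample export; column names are hypothetical, not ePO's own.
SAMPLE_CSV = """name,dat,agent,vse,engine,tagged
pc-01,6180,4.5.0.1719,8.7,5400,no
pc-02,6170,4.5.0.1719,8.7,5400,yes
pc-03,6180,4.0.0.1494,8.7,5400,no
pc-04,6180,4.0.0.1494,8.5,5400,no
pc-05,6179,4.5.0.1719,8.7,5300,yes
pc-06,6173,4.5.0.1453,8.7,5400,yes
"""

CURRENT_DAT = 6180          # constructed value
MAX_DAT_LAG = 7             # "more than 7 versions old" is non-compliant
OK_AGENTS = {"4.5.0.1719", "4.5.0.1453"}  # agent versions named in the thread
CURRENT_VSE = "8.7"         # constructed value
CURRENT_ENGINE = "5400"     # constructed value

# One predicate per query: each tests a single property, as in the thread.
QUERIES = {
    "old_dat": lambda r: CURRENT_DAT - int(r["dat"]) > MAX_DAT_LAG,
    "old_agent": lambda r: r["agent"] not in OK_AGENTS,
    "old_vse": lambda r: r["vse"] != CURRENT_VSE,
    "old_engine": lambda r: r["engine"] != CURRENT_ENGINE,
}


def plan_tags(csv_text):
    """Return (reasons, to_clear).

    reasons maps each non-compliant system to the queries it matched;
    to_clear lists systems that still carry the tag but match no query.
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    reasons = {}
    # Run each query separately and union the results, like the server task.
    for query_name, matches in QUERIES.items():
        for row in rows:
            if matches(row):
                reasons.setdefault(row["name"], []).append(query_name)
    to_clear = sorted(
        row["name"] for row in rows
        if row["tagged"] == "yes" and row["name"] not in reasons
    )
    return reasons, to_clear


if __name__ == "__main__":
    reasons, to_clear = plan_tags(SAMPLE_CSV)
    for name in sorted(reasons):
        print(f"tag   {name}: {', '.join(reasons[name])}")
    for name in to_clear:
        print(f"clear {name}")
```

Comparing this output with the tag counts the console reports is a quick way to spot a query whose threshold or version string is off by one.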

            • 3. Re: Stunning performance of ePO-MVT

              pschmehl ,

               

              understand...fab......I was looking around to assign a criteria but realised that I don't have to.... everything else is clear

              Merci beaucoup...

               

              Francois