I'm guessing that you are using EEPC 6.1, correct ?
The communication method had been changed since EEPC 6.0.x, 6.1 now uses ePO Events to send data/requests to the epo server. The events will be delivered according the McAfee Agent Policy, which is by default every 5 minutes. High priority one should get delivered
If you click on the McAfee Tray, then select Quick Settings, then Show Endpoint Encryption Status. It will display the following dialog.
I have highlighted the area that will get updated during the policy enforcement. Watch this dialog as well as the McAfee Agent Status monitor dialog.
The Endpoint Encryption (EE) Status dialog will tell you when the EEPC policy enforcement has completed.
If the status on the EE status dialog, begins with 'Created' it means that it has created an event to be sent and is waiting for the response to come back from the Agent Handler/ePO Server.
When you see this, you can click on the Send Events button
Hope this helps.
Thank you very much for your detailed reply. You mention "High priority one should get delivered". Is there a way to set a priority on a policy? What would be my best work around to force this quicker?
The High priority is for the event, these are sent by the point product (e.g. EEPC). They can't be manually configured.
But if a high proprity event has already been sent by any point product during 'collect and send' or 'policy enforcement' then it will fall back to the McAfee Agent Policy setting.
In reality leaving the machine to do it on its own is the best way. But for testing or force it, then clicking 'Send Events' on the McAfee Status Monitor will sent event.
I'm struggling with the same issue with updating users/groups to all client machines. No matter how many times you manually synchronise or wakeup clients, clients wont update with the added user – “unknown user”. However, every morning ‘somehow’ the policy is magically updated and you can logon with the user. What’s frustrating is even though the status window displays “Policy Enforcement Complete” is doesnt!
Looking at the MfeEpe log file you can see repeated messages trying to update users:
2011-06-17 11:20:58,474 INFO EpoPlugin userHandler: processing user updates/requests
2011-06-17 11:20:58,988 INFO EpoPlugin userHandler: skipping user updates/requests (nothing to do)
Is there a way of identifying a user being added and matching them against an entry in the log file, like it was possible in SB 5.x.x ?
Those log messages imply that the client has no idea that a new user has been added. This could happen if something goes wrong in ePO when attempting to assign a user to a branch/machine, causing any policies to *not* get updated. There's also a background task that runs infrequently to check consistency of these policies. My guess is the background task is cleaning up a failed user action.
Would it be possible to attach your orion log?
Also, for curiosity, what is the ASCI set to?
I can understand your frustration. The “Policy Enforcement Complete” in the Agent Status Monitor is a lie! The only way to know the true status of the encryption activity is to look in the Endpoint Encryption Status screen (right click McAfee system tray icon, choose Quick Settings > Show Endpoint Encryption Status). We have a product enhancement request in place that asks for better status reporting directly in the Agent Status Monitor, but until that happens we need to keep using the Endpoint Encryption Status screen.
As for the speed of the operations, here's what you need to know...
- High priority events are sent to ePO every 5 minutes. This is configurable in the McAfee Agent Policy (Policy Catalog > McAfee Agent > Events tab > Enable priority event forwarding).
- You could lower this to 1 minute, but this may negatively impact other products ... namely ePO if you're using VSE and have an outbreak, it might overload your ePO server.
- If you are using the "add local domain users" feature, it creates another event in a sequence. That's why it is taking you at least 10 minutes - there are two five minute intervals in the process.
So although there is a delay, the process is deterministic.