6 Replies Latest reply on Aug 30, 2011 4:47 PM by sparklan

    ePO 4.6 Detection Reporting

      Hello,

      We've started rolling out ePO 4.6 / Agent 4.6 / VS 8.8 to our customers. For the most part it has been pretty smooth. One thing we've noticed is that ePO isn't reporting activity in the "VSE: Threat Names Detected Per Week" or "Malware Detection History" reports in the dashboard. Before the upgrade to 4.6 we would at least see "Scan Timed Out" messages. There is nothing after the upgrade date. There are a couple situations where VirusScan found an infection on one of the workstations and that still doesn't show up in the dashboard. All the agents show up in the System Tree and show as up to date, so communication doesn't seem to be a problem.

       

      Is there something else we need to do to make certain the workstations are correctly reporting their detection status?

        • 1. Re: ePO 4.6 Detection Reporting
          JoeBidgood

          You need to make sure you have checked in the VSE 8.8 reporting extension if you haven't already done so: this is what allows ePO to understand VSE 8.8's events.

          HTH -

          Joe

          • 2. Re: ePO 4.6 Detection Reporting

            Yes, we do have the report extensions loaded that came packaged with the VSE880LML.zip. It shows version 1.2.0.136 for the VirusScan Enterprise Reports. Status is "Installed" and "Running".

            • 3. Re: ePO 4.6 Detection Reporting
              hem

              I suggest you create an event with the EICAR test and follow this sequence.

              1. Check whether the event is getting created or not (\Documents and settings\All Users\Application data\McAfee\Common framework\AgentEvents).

              2. If yes, then please click Send Events in the Agent Monitor window.

              3. Verify that the event has arrived in the ePO \DB\Events folder.

              4. If it was parsed successfully into the DB, then it should appear in the query result.

              5. If not, then please look at the Event Parser log file to see why event parsing failed.

              • 4. Re: ePO 4.6 Detection Reporting

                We just did this test and it did make it through to the Dashboard. I guess it is working; it just made me nervous to have no activity showing. Does 4.6 no longer report on "Scan Timed Out"?

                • 5. Re: ePO 4.6 Detection Reporting
                  andrep1

                  Your scan time outs might be filtered out. They would log locally but not be forwarded to the ePO server.

                  Check in Menu, Configuration, Server Settings, Event Filtering whether event 1059 is checked.

                  • 6. Re: ePO 4.6 Detection Reporting

                    Looks like this was the cause. Upgrading from ePO 4.5 to 4.6 must have set this event to filtered, because it was reporting scan time outs before the upgrade. Thanks.

                    Turns out that on the other workstation that had an infection, the agent was not reporting back to the ePO server correctly. After another rollout of the agent, that was fixed too.