3 Replies Latest reply on Nov 16, 2012 5:50 AM by MaxPat

    Run at every policy enforcement (Windows only)




      This is a question: Its a good practice to configure the McAfee Agent Deployment tasks with the Run at every policy enforcement (Windows only) option?



        • 1. Re: Run at every policy enforcement (Windows only)

          It's up to you

          This setting is designed to ensure that specific software is always present on a machine - so if you have a situation where, for example, end users have admin rights and can uninstall software, then this setting will ensure that anything they remove will be replaced withing a short time. If end users cannot uninstall things then in theory this setting may not be required.


          My personal opinion would be that if you can enable it, do so - the only real impact is a small amount of extra network traffic.


          HTH -



          • 2. Re: Run at every policy enforcement (Windows only)

            In order to avoid processing on the machine I  do the following thing:

            1. Run report that identifies all machines that have software X and apply tag SoftwareX

            2. Create tasks that run on every policy enforcement, excluding the machines that have the SoftwareX tag

            3. Create report that identifies machines that have tag SoftwareX and the software is not really present on them with the action to remove the TAG


            This way I assuse the software is intalled on all of them while not making them process the install on every enforcement.

            1 of 1 people found this helpful
            • 3. Re: Run at every policy enforcement (Windows only)

              I understand there is a tool created by McAfee for this purpose, McAfee Virtual Technician.