I'm not sure if this question of yours still needs responding to.
I'd check the following after an ODS with detection:
- ePO agent logs, whether they indicate any kind of failure to connect to the ePO server and/or send the events up.
- ePO server event processing, whether it has any kind of visible failures processing information from your computer.
- ePO event filtering (both in the GUI and evtfltr.ini), should they not allow recording the types of events the ODS generates. Please check the relevant McAfee KB article on events and event codes for ODS.
- I'd query the ePO database for events from your computer, whether they are there and the GUI query is faulty or they are not there at all.
I have exactly the same issue: Threat events seem to stay empty after upgrading my ePO to 4.6.5.
This seems to be a VSE-related issue, as my Solid Cored PCs do report their threats.
Any ideas are most welcome.
By the way, I upgraded from 4.6.3 to 4.6.5.
Besides the known error on the eventparser (which I start manually) there are no other issues.
Please make sure that you've checked in the latest extensions for VSE - especially the reporting extension, which allows ePO to interpret events from point products.
I did check it in, but reregistering it did the trick.
Totally forgot about that one.
No problem. Everything is OK now?
I have checked in the latest extension and it works a treat.