14 Replies Latest reply on Jul 16, 2013 10:45 AM by adamn

    Unable to view results after scan from ePO

      Hello Everyone,

       

      Every time I perform a client task scan from my ePO console for my server, it never logs the threats or notifies me of anything. The loading bar will turn green on all three notches and say successful afterwards, but there are not any results under "Threat Events". I've tested this scan many times with the EICAR malware file and it doesn't seem to work. When I perform the scan on my server with VirusScan Enterprise (VSE) it will catch the EICAR file, remove it, log the event on ePO and send me an alert email. How can I make my ePO server do all this without having to actually perform the scan from the server? Please help, thanks!

       

      -Adam

        • 1. Re: Unable to view results after scan from ePO

          I also forgot to add that I am using ePO version 4.6.6 and the VSE is version 8.8

           

          Message was edited by: adamn on 7/3/13 11:01:15 AM CDT
          • 2. Re: Unable to view results after scan from ePO
            Attila Polinger

            Hello,

             

            could you illustrate what your issue is with some screenshots?

             

            Thanks.

             

            Attila

            • 3. Re: Unable to view results after scan from ePO

              Sure, here are some photos to help me explain:

               

              After I select the server I would like to scan, I run this client:

              Perform Scan.png

              After this client runs, I want results here on the ePO console:

              Results.png

              The results that are on the screen are from when I perform the scan directly from the server using VSE:

              VSE.png

               

              I hope this helps you understand, thanks for the reply!

               

              Message was edited by: adamn on 7/3/13 11:43:05 AM CDT
              • 4. Re: Unable to view results after scan from ePO
                Attila Polinger

                Hello,

                 

                I would say it is hardcoded that you can only see OAS detection for a client and only the summary of a scan task on this page and not detection of a scan task. Frankly, I would rather use an events query filtered to the host in question than open host properties...but this does not mean it is the only way possible.

                 

                By the way, the client scan task is not displayed on the VirusScan console in your 3rd picture. This could be the result of a policy setting not to display managed tasks on the client or the task is not assigned to the client at all. Could you check that?

                 

                Attila

                • 5. Re: Unable to view results after scan from ePO

                  Hi,

                   

                  I think I have figured it out, all I had to do was "create new task" and perform a scan from there. Now I can scan from ePO and it will detect my EICAR file, and send the results back to the ePO console. The one other problem I have encountered was creating alerts, do you know how to set those up? Thanks for the help Attila, I really appreciate it!

                  • 6. Re: Unable to view results after scan from ePO
                    Attila Polinger

                    Hi,

                     

                    I'm glad you've managed to overcome your issue.

                     

                    If by "alerts" you mean what I think then it is the automatic responses that you could use.

                     

                    Please could you answer my question regarding client task in my previous response? Thanks.

                     

                    Attila

                    • 7. Re: Unable to view results after scan from ePO

                      Hello,

                       

                      I've tried using the automatic responses, but it seems to constantly notify me every hour/min/sec/day whichever I select on "Aggregation". It also doesn't stop notifying me (Sending me Emails), how can I set it up to only notify me with only one Email and stop?

                       

                      As for your question before, I believe that it is a policy setting that the systems admin set up. I do not have access to a few things on the console and I'm unable to edit any policies.

                       

                      Thanks,

                      - Adam

                      • 8. Re: Unable to view results after scan from ePO
                        Attila Polinger

                        I'm not sure about client task opportunities, but with server tasks you can add several independent actions together, and one of them is Run a Query. If you could time the end of the client task with the start of your server task you could run a query for the events generated by your client tasks (and perhaps send an email of them).

                        You can filter in the query for Analyzer Detection Method = (your client task name).

                         

                        Attila

                        • 9. Re: Unable to view results after scan from ePO
                          Attila Polinger

                          Well, I managed to take a look into it. You can set the automatic response (in response to an ePO server client event, that is, for example the event ID of the scan task end) to launch a server task and that server task can run a query, which you would define so it only lists the events that your ODS scan generated and send them to yourself in an email.

                           

                          Is this a viable solution for you?
