0 Replies Latest reply: Jan 21, 2014 2:22 PM by rcsec RSS

    VSE 8.7 Command Line Scan


      For our corporate environment we use ePO + policies.


      For systems we receive alerts (& only systems we receive alerts on)  I want to perform Full Scans via the command line on remote hosts.  Remote could be in a close building or on a different continent with a slow connection (that can take several minutes to perform an AutoUdate then start a Full Scan.  The goal is script these "one-off" scans (as the tickets come in), review the results, close the ticket for non-events and investigate more serious issues.


      What are the command line switches for VSE 8.7 to conduct a Full Scan equivelant (Memory for rootkits, Running processes, All local drives, Registry & Cookies) with Actions of Clean (then delete).  Is it possible to get an indication the remote host successfully accepted the command?  Can the host be queried to see if the scan is still in progress?


      For one-off scans like this, is it preferable to use the VCLS tool verse the installed McAfee client?  https://kc.mcafee.com/corporate/index?page=content&id=KB51141

      If that is the case, can the VCLS use the installed DAT or will I need to copy one to the remote host?


      Currently, I'm using this command to update a remote host:


      WMIC /Node:"%2" Process Call Create "cmd /c C:\Program Files\McAfee\VirusScan Enterprise\mcupdate.exe /update /quiet"


      WMIC /Node:"%2" Process Call Create "cmd /c C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcupdate.exe /update /quiet"


      The "/quiet" is used to not interrupt the locally logged user.  Is it possible to get any indication the system was successfully updated, already running the latest or experienced problems attempting to peform the update?


      The goal isn't to manage an enterprise with batch files but to quickly address systems we receive alerts on that has contacted a blacklisted external address.


      Thank you,