This forum is for "Real Time ePO" which is bundled in with many deals, such as:
- McAfee Complete Protection — Business
- McAfee Complete Protection — Enterprise
- McAfee Endpoint Protection — Advanced Suite
- McAfee Endpoint Protection Suite
Real-Time Command (formerly once called Real Time Advanced) I believe is a more complex and very expensive solution, although I cannot find the location to discuss it here on the forums.
Real Time for ePO:
- I use RTE, RTC extensively. RTA, which is an ePO version of RTC, is no longer being developed.
Because ePO really only works with historical data in the db, my customers really like using RTE as a morning check-up while they have coffee. Basically they will login and run through the list of health queries for the MA, VSE, HIPS, and SAE, and leverage the RTE remediation tools when possible. With 1.x the functionality has really been limited to assisting with those four products along with a few system inventory capabilities.
RTE 2.x was recently released which adds some nice new queries/questions/sensors which have been availablein RTC. Some of my favorites are:
And for actions in addition to the expect product actions, we can also now:
- installed applications
- installed os hotfix
- file name search
- file name matching regex
- has open pipe/port
- mcafee agent queued events
- mcafee installed applicationsm
- mcafee running processes
- query registry value
The RTE 2.x release is supposed to co-exist better with RTC but I have yet to figure out how.As for performance impact, I have no hard numbers, but can qualitively say that my customers do not experience any issues due to usage of either RTE or RTC. RTE is a complement to the ePO platform and has not replaced anything. RTC has been very useful with general IT operations such as during infrastructure changes like DNS changes, or checking for which machines have had os/application crashes and needed rebooting. RTC has also served well as an application management and Windows patching tool. Sometimes we usi it to apply updates and sometimes to remove unwanted apps.It is my hope that in the next RTE 2.x release, we will gain the ability to manage/search/terminate/delete files and processes based upon file hash. This capability has been in RTC for a while. It is just a matter of McAfee engineering the content.
- create/delete registry keys
- set/delete registry values