2 Replies Latest reply on May 7, 2014 3:03 PM by Sean Slattery

    RealTime Command experiences

    mcafeenewb

      I was curious if anyone has implemented RT Command in their enterprise and has any experiences that want to share.

       

      Did it ever save you in a pinch?

      Do you observe any hits in performance in end points when running sensors?

      Are you seeing a genuine value in the implementation?

      Did it replace anything in your environment?

       

       

      Just curious.

        • 1. Re: RealTime Command experiences
          ratlsnake

          Different product.

          This forum is for "Real Time ePO" which is bundled in with many deals, such as:

           

          Real-Time Command (formerly once called Real Time Advanced) I believe is a more complex and very expensive solution, although I cannot find the location to discuss it here on the forums.

           

          Real-Time Command:

          http://www.mcafee.com/au/products/real-time-command.aspx

           

          Real Time for ePO:

          http://www.mcafee.com/au/products/epolicy-orchestrator.aspx#vt=vtab-RelatedProdu cts

          • 2. Re: RealTime Command experiences
            Sean Slattery
            • I use RTE, RTC extensively. RTA, which is an ePO version of RTC, is no longer being developed.

             

            Because ePO really only works with historical data in the db, my customers really like using RTE as a morning check-up while they have coffee. Basically they will login and run through the list of health queries for the MA, VSE, HIPS, and SAE, and leverage the RTE remediation tools when possible. With 1.x the functionality has really been limited to assisting with those four products along with a few system inventory capabilities.

             

            RTE 2.x was recently released which adds some nice new queries/questions/sensors which have been availablein RTC. Some of my favorites are:

            • installed applications
            • installed os hotfix
            • file name search
            • file name matching regex
            • has open pipe/port
            • mcafee agent queued events
            • mcafee installed applicationsm
            • mcafee running processes
            • query registry value
            And for actions in addition to the expect product actions, we can also now:
            • create/delete registry keys
            • set/delete registry values

            The RTE 2.x release is supposed to co-exist better with RTC but I have yet to figure out how.

            As for performance impact, I have no hard numbers, but can qualitively say that my customers do not experience any issues due to usage of either RTE or RTC. RTE is a complement to the ePO platform and has not replaced anything. RTC has been very useful with general IT operations such as during infrastructure changes like DNS changes, or checking for which machines have had os/application crashes and needed rebooting. RTC has also served well as an application management and Windows patching tool. Sometimes we usi it to apply updates and sometimes to remove unwanted apps.
            It is my hope that in the next RTE 2.x release, we will gain the ability to manage/search/terminate/delete files and processes based upon file hash. This capability has been in RTC for a while. It is just a matter of McAfee engineering the content.