4 Replies Latest reply on May 7, 2014 10:20 AM by JoeBidgood

    Automated agent deployment / False positive managed state

    moep

      Hi folks

       

      I'm using a server task to deploy an agent on all "unmanaged" systems.

      At least on paper this seems to be a great idea since I don't have to lift a finger.

      But there is a catch in it:

       

      Reinstalled systems remain in the ePO console with status "managed" even though there is no longer an agent installed.

       

      Of course there are ways to fix it manually... I could delete the system from ePO console or AD or deploy the agent again manually.

      But my intention was to configure a fully automated server.

       

      So as a workaround I handle all systems as they were "unmanaged".

      I've unselected both installation options "Install only on systems..." and "Force installation..."

       

      These changes had 2 effects:

      • The agent was deployed on all false positive
      • All McAfee services on theremaining systems seem to be restartet on every task interval

       

      Does anybody else have experience with this stuff?

      Is there a way to fix these false positive without restarting the services every hour?

       

       

      servertask.jpg 

        • 1. Re: Automated agent deployment / False positive managed state
          pierce

          I use the rogue sensors in my environment, and then an automatic response for anything that starts with the computer name I expect and on the domain + windows, deploy away.

          Also gives the benefit of showing all those random devices you have on your network in case security/someone wants to know.

           

          Saves it endlessly deploying agents as my first few attempts did that as well

          • 2. Re: Automated agent deployment / False positive managed state
            JoeBidgood

            I'm more interested in this bit:

             

            Reinstalled systems remain in the ePO console with status "managed" even though there is no longer an agent installed.

             

            Can you explain a bit more what is happening here? Generally when an agent is reinstalled it should not create another entry in ePO, so it sounds like something is not right here. Exactly how are these machines being reinstalled?

             

            Thanks -

             

            Joe

            • 3. Re: Automated agent deployment / False positive managed state
              moep

              Hi Joe

               

              Maybe you misunderstood me. I was talking about reinstalling Windows - not the agent.

              We're using Matrix42 Empirum for our software deployment.

              Previously we had a package for McAfee agent, therefore we never had this problem before.

              The package was (re-)installed with the PC.

               

              Eventually we deploy the agent with ePO.

              There is an AD sync job running hourly. New systems wil be added to the system tree, deleted ones will be deleted as well..

              Once a system appears in the system tree the agent will be deployed and the system becomes managed.

               

              When we reinstall a PC with Matrix42 we usually do not delete it from AD first.

              So even if a sync job ran in the meantime the system wouldn't be deleted from the system tree.

              The status remains "managed".

               

               

              @pierce

              Thanks for the tip. I will have a look on rogue sensors. We've pobably licensed it anyway.

              • 4. Re: Automated agent deployment / False positive managed state
                JoeBidgood

                Ah, OK, I understand now. (I hope.)

                My personal recommendation would be to include an agent in your rebuild process - all the other options are reactive, relying on detecting the machine on the network or in AD. Including an agent on the rebuild image solves all your problems in one go: when the machine is rebuilt it already knows where its ePO server is, and ePO simply updates the existing entry with the new information.

                 

                Regards -

                 

                Joe