A malware detection is a priority event so, by default, this doesn't wait the next agent-to-server communication to be sent.
You can see your McAfee Agent policy > General > Events on your ePO.
So it seems the interval for priority event uploading can be set to 1 minute and no less than that?
I guess it will have to do.
Thank you for your answer.
Attention, there are several aspects on this part of policy:
- Enable priority event forwarding: it's instant!
- You can configure the priority level that you want. For a detection, event ID is 1027 with SEVERITY_MAJOR level (all events ID for VSE are available at this adresse: McAfee KnowledgeBase - Complete list of Event IDs for VirusScan Enterprise)
- Interval between upload: the interval at which priority event uploads are forwarded to the server after the first upload. Non-priority events (such as those reporting DAT updates) are sent at the next agent-server communication.
- And the maximum number of events per upload.
Thank you for the answers,
As per our testing with EICAR file and a keygen trojan, event wasnt forwarded instantly. It was forwarded when the interval between upload ran out, or we pushed the events to ePo...