This content has been marked as final. Show 12 replies
It is working this way:
1) No checkmark
The client connects to your epo during a normal communication intervall (default 60 minutes) -- it "sees" your new deployment task, downloads it and is executing it immediately and only ONCE.
2) With checkmark
The same behaviour as above but additionally the task is run at every policy enforcement (default 5 minutes). So every 5 minutes the agent will recheck if all the products are installed on the client. Therfore it connects to the next available repository
So it's a sort of protection against it being uninstalled or otherwise removed?
I noticed in the log it was running a verification every five minutes. Is there a performance impact? What level of protection does this provide, is it based on the files it can see, or does it just check a registry key?
> So it's a sort of protection against it being uninstalled or otherwise removed?
> I noticed in the log it was running a verification every five minutes. Is there a performance impact?
No but I would set the PE interval to at least 30 minutes
> What level of protection does this provide, is it based on the files it can see, or does it just check a registry
AFAIK it is registry key based
If there is no performance impact why would you change the PE?
Does it not verify products are installed upon connecting to server after initial installation?
Its for saving bandwith - I thought you where speaking of client performance ...
I thought a policy enforcement was a purely local action, it scans the policy list it downloaded from the server, then carries out any actions requires, which 99% of the time will be zero.
Am I mistaken?
No as far as you do not check the "Run at every policy enforcement" interval in your deployment task.
What I am not understanding is why you would advise setting PE to 30 minutes instead of 5 when the VSE install is executed on first connected anyway (thus the PE interval doesn't matter), and apart from that policy enforcement is a purely local task so does not draw on bandwidth. Situations where the product has been removed are edge cases and should be rare, therefore I do not see a larger interval saving on bandwidth their either.
In this instance I do not understand why you would change the interval. Can you explain?
In our environment, we have set the PE to 30 minutes to allow the end user to disable On-access for a 30 miinute period if necessary. We have people who transfer large files and who complained about McAfee slowing it down. Allowing the user to disable the OAS temporarily, cut down on these complaints. By setting the PE to 5 minutes, the user would only be able to disable the OAS for 5minutes at a time before the EPO policies get applied.