Moved to ePO for better response, hopefully.
I thought I should add some more detail about my trial run of ePO 5.3 and more carefully note my questions.
I have had ePO 4.6.5 installed with a single Linux client (in my test suite - operationally there are many Windows and Linux clients). I typically will place a copy of the EICAR test virus on a client to verify that all is working. In my 4.6.5 ePO setup, my single Linux client has agent version (MFEcma-4.6.0-1694 and MFErt-2.0-0) - these are deployed to the client by running the install.sh script that is generated by ePO. On the ePO 4.6.5 setup I had installed the package VirusScan Enterprise for Linux version 1.9.0-2822 and extensions LYNXSHLDPARSER 22.214.171.1241 and LYNXSHLD1900 version 126.96.36.1991. Then I create a client task to deploy the VSEForLinux to the client. I then set up an on-demand scan task and (with NAI on-access scanning disabled on the client), I put the EICAR test virus on the client and from ePO I select the on-demand task and "run task now" for the selected Linux client. A few minutes later, the EICAR virus is removed (or sent to the quarantine directory) and a record of the action shows up in the "threat events" table for the client in the ePO GUI... so all seems to work with 4.6.5...
Fast forward to 5.3 and with the same scenario I get some errors that I need some help with.
I start by uninstalling the MFEcma, MFErt and VSEForLinux from the client directly...
I also "unmanaged" the client from ePO
I then generate a new install.sh file from the ePO 5.3 and run it on the client. (agent is now at version 4.8) and the install appears successful. A few minutes later the client shows up again in the list of managed clients in the system tree.
On ePO 5.3, I also installed VirusScan Enterprise for Linux version 1.9.0-2822 package and the LYNXSHLD1900 version 188.8.131.521 - both of these were successfully installed, but the ePO complained that my version of LYNXSHLD PARSER is not compatible with ePO 5.3... still looking for a later version of this for trial download (long story but can't use my grant # yet to procure from official site)... If anyone can provide a link for a trial version of the necessary extensions and packages to complement the trial version of ePO 5.3, I'd be grateful.
With ePO 5.3 I push the VSEForLinux with the same deploy task as used in the 4.6.5 environment and the client update seems to be OK...
But now if I put the EICAR file on the client, and push/run the on-demand scan, nothing happens... (i.e. not quarantined and no events listed for that client in ePO).
I enable on-access scanning on the client and then the EICAR file is removed, but still no event posted to ePO. Does this have anything to do with the PARSER not installed in ePO - any other ideas?
Also, my clients have two Ethernet interfaces (only one of which can reach ePO)... when the clients report to ePO (as seen in the system tree) after having run the install.sh, they report with the wrong IP address, but ePO "pings" and wakeups appear to be working (of note, no DNS in this lab... just entries in host files as needed)... I'm not sure if this will cause any of the issues I'm seeing...
Thanks again for any attention here to this post.
One other thing if I may... in ePO 4.6.5 (with agent 4.6) I was able to "run task now" for the on-demand scan to Linux clients... now with 5.3 (with agent 4.8), ePO gives me an error that "run task now" is supported only for Windows...
In the product guide for agent 4.8, support for "run now" is noted without reference to limits on Linux... can anyone elaborate here? Am I doing something wrong?
As I dig through this I've run into another question...
Although the agent 4.8 appears to be installed (and is reported as such in ePO on managed server pages) on my client, it is clearly not working properly.
Documentation for the agent 4.8 (product guide) says I need to download and install into ePO the ePOAgentMeta extension... (according to the docs, THIS IS the agent), but I was able to create an install.sh for Linux which installed the agent on my client without having downloaded/installed the ePOAgentMeta.zip extension into ePO... so is my trial version "special" in that it already contains this, and should I expect something different from the actual enterprise version I plan to procure?
Thanks again all.
Another note to clarify... I completely uninstalled ePO 4.6.5 and re-installed 5.3 (not an upgrade).
Thank you again for any support.