If you have enabled threat events in ePO than you can send logs from your local machine to ePO and you can check those source and target file information under threat event tab of that machine.
Threat events are enabled. The problem I'm having is with unscannable files. I would like to know if there is some way to find out the names and locations of files that were not scanned. I can only see why they were not scanned.
In VSE 8.8, I can see this information on the scan logs.
I Would like to appreciate your blue-sky thinking.
In general Mcafee logs are located in Temp folder and Program data.
OAS/ODS scan related info are saved in Program data (C:\ProgramData\McAfee). You can find the number of files that are scanned and not scanned.
a sample screenshot is attached below. The info available in the logs will not provide the details( name and locations) of the files that are not scanned.
I don't know if the first part of your answer was a compliment or not
I'm aware of those statistics that are found in the log files. The client that wants this information about the unscannable files asked me if ENS provides this info, because it is possible to get it in VSE logs, and they are comparing both products while migrating from VSE to ENS.
Am sure its a compliment because the option to list out the info on the files that are not scanned is not available as of now in ENS.
Discussions on innovative ideas will make the product technically more advanced and here i would say you are into the limelight. so its definitely a compliment
Speaking about Migration from VSE to ENS, its already on the track. ENS is a bundled package of VSE/HIPS. Threat prevention module is kind of( or much more advanced) VSE and firewall is derived from HIPS. We cannot expect all the attributes to be implemented right away from VSE to ENS, when some thing is missing or not implemented its good that people like you come forward and raise a query on the same, so that it can be considered on high priority and dev team will make sure to meet the clients requirements and satisfaction. final outcome would be ENS is gonna be a far better, advanced, satisfactory and competitive product in Network security.
As a customer who pays for software, I would expect all the attributes of the "old" version to be implemented into the new version. Otherwise I would call the new version "beta". Unfortunately the software industry today works like that :-(
Within the last year, I really spent too many hours finding bugs, beginning with ENS 10.1. I'm not really amused about ENS 10.x.
catdaddy, of course I could. And I did.
The new ENS 10.5 function "https domain reachability" is based on my deep digging which did cost me weeks. Then, there was a handle leak, which will be fixed in 10.5 because of my troubleshooting (again weeks). Another one was the "LAG switching", they did not switch based on network connection but based on policy enforcement interval. Finally my custom patch was released with 10.1 Patch 1.
I am an external project member implementing Windows 10. The customer does not pay me to find and document bugs in software they already paid for.
But today that's business as usual :-( Not only with McAfee.
Thank you for your input. I sincerely hope a resolution is forthcoming