6 Replies Latest reply on Jan 28, 2009 6:11 AM by stuartr

    Policies for VirusScan do not work

      Running Mcaffee 8.0i on the desktop and ePO 3.6.1.166 server.

      ePO in general works, I can push out virus updates etc. I have central email notification of alerts working, so is a virus is detected on a workstation I get an email.

      However the server which has the email sender on, cant send email when the Access Protection of 8.0i part is running.

      I can go in and modify 'access protection\prevent mass mailing worms from sending mail' and I can then send email for a short while but within a few minutes the policy enforcement applies the standard list of excluded processes, and the exception for my email program dissapears.

      Nothing I do to policies at any level in the directory works, if I set the policy at the top 'Directory' container and turn everything onto inherit that dont work.

      If I select the specific machine in ePO, disable inherit, and create a specific policy for that machine and disable the 'prevent mass mailing worms' rule, the machine does not pick up the changes.

      Its as if the 'McAfee Default' policy is always being applied, even though its not selected.

      Ideas anyone ?
        • 1. RE: Policies for VirusScan do not work
          tonyb99
          You are checking that you are applying the policy with the server box rather than the workstation box selected and then saving it before moving on?

          This catches a lot of people out
          • 2. RE: Policies for VirusScan do not work
            Yes, I am doing that.
            • 3. RE: Policies for VirusScan do not work
              tonyb99
              after altering the policy for a specific machine and then waking it up does the agent log show the altered policies being merged or is there nothing in the agent log for it?
              • 4. RE: Policies for VirusScan do not work
                If by the agent log you mean the log on the console;

                http://localhost:8081

                That says its enforcing policies for VIRUSCAN8000 every 5 mins, but nothing about policies being merged
                • 5. RE: Policies for VirusScan do not work
                  Hi Stuartr,

                  Did you find a solution do this? We had a similar (very strange) issue on some of our clients. Even though these clients were communicating fine with ePO and were configured to use "policy A" via the ePO server, they would not stop running the "McAfee Default Policy" hence blocking port 25! We had to duplicate "Policy A" and re-apply that policy in order for the clients to stop applying the McAfee default policy.

                  Any else ever see this problem?
                  • 6. Well ....  not specifically.
                    However I did discover that the server running ePO as a VMWARE image was very underpowered, a 32MB swap file and only limited memory allocated to the ePO Server.

                    I also discovered (i.e. I never checked) that there were many thousands of backlogged tasks to do with pushing the agents out.

                    I cleared out all the old tasks, gave it more memory etc and the ePO server now seems very much more responsive.

                    I recently made a global change to allow a WSUS server application to send out notification mail, whilst the change is in the directory policy (to allow w3wp.exe to send mail) its not reached the WSUS server.

                    But other problems with the ePO agent remain, which may be part of the issue with the email exception list not sticking, so I have only just today brough the ePO server up to 3.6.1.255 level, and I will be trying the 'new' ePO agent shortly.

                    If you post another message in a couple of weeks I will let you know if the issue is resolved.