Moved to EPO forum for a better chance of a solution
it is not possible to communicate with the Agent directly. Agent 5.x stores sensitive information locally and encrypted on the endpoint. The Agent uses a "two factor" security. This means, EPO authenticates an Agent usind a certificate. The agent itself checks if it is communicating with the right EPO server. This is important for Man-in-the-middle attacks. The product design is as followed. The policy is generated on EPO -> the agent pulls the policy and enforces the policy on the endpoint based on EPO settings. Therefore it is also not necessary to build an own API for the agent.
What do you want to configure on the endpoint?
Hello Troja ,
Thanks a lot for your reply. On the endpoint I want to tell the agent to scan a specific file uploaded to a folder . Just scan and get me the result of the scan do not take any actions. Based on that report we will take different actions. Basically the agent will run on a VM and a 3rd party application is notifying my agent which uploads files for scanning. We will have only agent deployed on that VM.
Do you think this can be accomplished ?
just define a OnDemand scan for this system. Using "Run Client Task Now" you can do this in real time using EPO.
To do automatic scanning you have several options.
1) if there is VSE or ENS installed on the system where a file is uploaded, this file is scanned automatically. Based on your policy, the endpoint product will react different.
2) If the upload is HTTP you may use MWG as a reverse proxy to scan files before they are stored on the endpoint.
3) If the folder, where files are uploaded, is always the same you may active a sheduled task in EPO to scan this folder in regular intervals with higher or tighter settings than the OnAccess Scan.
Hope this helps,
This helps. Thank you very much!
I was able to get VSE8.8 installed on my windows VM and I am struggling to run it
What I'm trying to accomplish is to scan a file and report status (fail/success is enough)
I am trying something like this but "/REPORT=C:\Scan\report.txt " is treated as a folder to be scanned if I remove /UINONE
c:\Program Files (x86)\McAfee\VirusScan Enterprise\x64>Scan64.Exe /UINONE /REPORT=C:\Scan\report.txt C:\Scan\test.rtf
Please advise whats the quickest way to get the result of the scan-only without actions for a file.
I really appreciate your help.
I was wondering if there is a way to estimate how long will take for a 1GB file size to be scanned by the mcafee . Please advise.
there are two different tools available for tracing. VSE 8.8 uses the "profiler" which is available from the McAfee site or, i think, there is an EPO version available in the community. For ENS you may use the trace tool, it is available in the support portal. I just do not find the KB article at the moment, have my notes in the office.
Thank you. If you can provide the kb link when you have time will be really helpful.
Thanks again for your quick response.