5 Replies Latest reply on Nov 11, 2008 7:13 AM by Turift

    Newbie Question

      Hi There,

      I am VERY new to EPO, our security admin has left, and the tasks have been assigned to me for the time being. I know NOTHING about this and have a simple question, I'm sure.

      We are running EPO 4.0 in an enterprise environment. I have 2 servers that have the virus scan client on them, and I need to disable those clients permanently. How would I go about doing that? I'm sure I have left out a ton of information, so please let me know what else is needed and I will do my best to answer.

      Thanks for the help,
        • 1. RE: Newbie Question
          Quick solution:
          Search for the computer in "Quick System Search"
          Select the system and click delete. A new option apears lower left corner, choose remove agent and then ok. This will delete the system.

          That will not disable autoinstallation, if enabled;

          If you want to disable that, select the computer and click "Modify Task on Single System" and first uncheck "Task and schedule settings" then click edit deployment, could be named to something completely different, and click on the minus sign under "2 Configuration" to remove the different deployment tasks.
          • 2. RE: Newbie Question
            Thanks for the response. I just spoke with the guy that used to administer our EPO, and he suggested that I not remove virus scan, and I agree. Rather he suggested I create group, move the server into that group and apply a policy that disables on-access scan. When the server’s administrator his done with his maintenance, move it out of that group. I thought it sounded pretty straight forward, but he said it’s not and suggested that I call McAfee for assistance. I thought I would start here. Any thoughts? Thanks!

            • 3. RE: Newbie Question
              That sounds like a better approach.

              Either you create a top level policy which you then apply to the mentioned servers, which gives you the possibility to reuse it when you want, or you just edit the assigned policy for each specific server. The first one would I consider best practise, as I gives you the possiblity to overlook which systems that are assign to each policy better.

              So, how do you do that then. For the first option:
              Starting from Dashboard, click systems (top, middle of the screen)
              Choose policy catalog, from the top drop down list (product), choose VirusScan Enterprise, which ever you use. Then from the second drop down (Category) you want to look at 'On-Access Default Processes Policies' and 'On-Access General Policies'.
              You should probably have one named after your company or something.

              You can check which one the affected servers use by searching for them in dashboard, mark one at a time and choose 'modify policy on single system'. You will see the same view like the one above.

              Back to editing, click Duplicate and name your new policy to something similar, and maybe adding DISABLED or something to indicate the state of OAS.
              Once done, you search or select the system and choose 'Modify Policies on A Single System' and click 'Edit Assignment', select 'Break inheritance and assign the policy and settings below' and select your newly created policy.
              Don't forget to save :)

              Make sure the servers are aware of the new settings by selecting them and do 'Wake up Agents'

              That should be it.

              I would encourage you to take a look at the rest of the policies as well so you get familiar with them and what they do.

              What are the reason for disabling the VSE? Is it for some kind of application? If so, check if McAfee has recommendations for scanning exclusions that you could make for those systems to make it work more smoothly, and you won't need to disable it entirely.

              And finally, take a look at the guides for ePO. https://knowledge.mcafee.com/SupportSite/supportcentral/supportcentral.do?id=m1 is a good start.

              Take care
              • 4. RE: Newbie Question
                Thanks for the help!! This was extremely helpful, it actually helped me to understand the policies that were already there and the how's and why's of them.

                The reason for disabling is because in the line of troubleshooting an issue, any kind of virus scanning application is the first one to get blamed. Therefore we disable virus scan to prove that it is NOT the cause of the problem.

                Thanks again!!
                • 5. RE: Newbie Question
                  Hehe, It's _always_ the antivirus :)

                  And it's not the first nor the last time...

                  Glad it helped.

                  Best Regards