1 2 Previous Next 12 Replies Latest reply on Jan 9, 2017 1:52 AM by Troja

    Scan using a client task

    haran92

      Hi,

       

      Currently in my environment, I have client task to start a scheduled scan by every Wednesday 2:00AM (non business hours). though the over all compliance percentage per day is more than 90%, I could see that most of the machines are not getting scan task and scan completed.

       

      I would like o know a suggestion on "Missed task option" or any other client task option in ePO to make all the desktops getting scan initiated and completed.

        • 1. Re: Scan using a client task
          catdaddy

          haran92,

                               Moved from Community Support to ePolicy Orchestrator (ePO) > Discussions

                                For better exposure and assistance. If needed to be moved to (VSE) please apprise.

           

          Regards,

          Cliff

          Moderator

          Consumer Products

          1 of 1 people found this helpful
          • 3. Re: Scan using a client task
            catdaddy

            You are quite welcome Hopefully someone will be along shortly and add to the discussion.

             

            Troja  Could you kindly assist haran92 ?

            Artfulbodger could you kindly assist haran92 ?

            • 4. Re: Scan using a client task
              Richard Carpenter

              Hi haran92

               

              We use the 'Missed Task' option for this very reason.  We schedule our Front of office scans for a time where we know they will be switched off, and using the Missed Task option with a delay of 30 mins to enable the user to 'start' the machine.

               

              Regards

              Rich

              McAfee Volunteer Moderator

              Business Products

              1 of 1 people found this helpful
              • 5. Re: Scan using a client task
                catdaddy

                Thank you Rich

                • 6. Re: Scan using a client task
                  haran92

                  Thanks Rich :-) So how does MISSED TASK with 30 min delay works ? 

                  Below is my understanding. let me know if it is correct or wrong ?

                   

                  • My Task is scheduled by 2:00 AM
                  • the machine comes online 10:00AM
                  • the task which is missed at 2:00 AM will run at 10:30 AM

                  Will this configuration increases CPU utilization of the machine as the scan is initiated immediately after the login. ??

                  • 7. Re: Scan using a client task
                    Richard Carpenter

                    Hi,

                     

                    The Client Task assignment will have no effect on the task CPU utilisation weather it runs at 02:00 or 10:30.  The Client task will use the same amount of resources. So yes your assumption that the CPU utilisation will increase is correct.

                     

                    Our DAT update task is set as follows:

                     

                    Screen Shot 2017-01-04 at 13.48.41.png

                     

                    This has the effect that the task will run 30 mins after the service detects that the task was not run at the prescribed time, ie in this instance 30 mins post boot/service start.

                     

                    We normally run our Front Office scans during the nominal Lunch break, so the last kicks off at 13:00.  Our business accepts that we need to scan all the machines but we try to make it as least inconvenient as possible to the end users.

                     

                    Rich

                    1 of 1 people found this helpful
                    • 8. Re: Scan using a client task
                      Troja

                      Hi , as Richard explained,

                      using the specific task option is a good way to plan your tasks in detail. If you activate this features and you want to figure out some more info what happens like... scan was cancelled or something else you may check the Event Filter.

                      There are specical events that can be activated (not shure if they are activated per default) to track if an OnDemand Scan was executed.

                       

                      Event 1034: Scan completed. No viruses found. (Info) 

                      Event 1035: Scan was cancelled. (Info)

                      Event 1202: On-Demand Scan started (Info)

                      Event 1203: On-Demand Scan complete (Info)

                      and more........

                       

                      In some special cases there are to many endpoint tasks at the same time and some tasks therefore are not started. Also check your Task Assignments. You can also use the Performance Optimizer Extension to check such troubles.

                       

                      An Reporting hint, use the "last communication" value to see if the systems are online. Often systems are not online and this has an effect for you reports.

                       

                      Cheers

                      1 of 1 people found this helpful
                      • 9. Re: Scan using a client task
                        tao

                        For me, there's one question that needs to be asked - what are your scanning requirements and/or Business/Organization policy/regulation on scanning (peak or non-peak business hours)?  Meaning, does your Business/Organization culture allow for scanning during business hours - Security Professionals will say yes - If it impacts production, my guess, get ready to dial the scanning back to non-business hours.

                         

                        If the answer is non-peak business hours - perhaps scheduling two or three more non-business hours scanning - this may not catch all the units that continuously powered off after business hours - yet, the odds are good that you will catch some AND in process wont' impact production.

                         

                        After a week or so run a query, E-Mail those that continuously miss a scan and request to have them leave the system up once/twice a week.

                        1 2 Previous Next