6 Replies Latest reply on Feb 9, 2017 5:12 PM by johnmoe

    Malware Detection History not working

    aschappell

      Hello,

       

      I am having an issue where Malware Detection History has stopped working in McAfee Epo 5.3

       

      Does anyone know why and how i can get it working again?

       

      Thanks!

        • 1. Re: Malware Detection History not working
          syedali

          Hi Chapell,

           

          I will suggest you to create an event with Eicar  test and follow the sequence.

           

          1. Whether event is getting created or not (\Documents and settings\All Users\Application data\McAfee\Common framework\AgentEvents).

           

          2. If yes then please click send events from Agent monitor window.

           

          3. Verify if the event has come to ePO \DB\Events folder.

           

          4. If it parsed succesfully to DB then it should appear in the query result.

           

          5. If not then please look at Event parser log file why event parsing is failed.

           

           

          1 of 1 people found this helpful
          • 2. Re: Malware Detection History not working
            syedali

            In addition check if the events are not filtered out under server settings. You can also take a look at below kB

             

            https://kc.mcafee.com/corporate/index?page=content&id=KB53317

            • 3. Re: Malware Detection History not working
              aschappell

              Is it possible to do this from the server side?

              • 4. Re: Malware Detection History not working
                syedali

                From the epo server side you can check the following.

                Verify if the event has come to ePO \DB\Events folder.

                 

                4. If it parsed succesfully to DB then it should appear in the query result.

                 

                5. If not then please look at Event parser log file why event parsing is failed

                 

                Client side follow the below

                Whether event is getting created or not (\Documents and settings\All Users\Application data\McAfee\Common framework\AgentEvents).

                 

                2. If yes then please click send events from Agent monitor window.

                It all boils down to what threat events you want to see in the threat history

                • 5. Re: Malware Detection History not working
                  aschappell

                  Im talking about the ePO summary dashboard, there is a spot that says "Malware Detection History", It stopped updating in November, It is now January. Did I change the settings in ePO to stop it from reporting? I dont care about the client side right now.

                   

                  Thank you,

                  • 6. Re: Malware Detection History not working
                    johnmoe

                    The client is where the malware detections originate.  syedali's first reply to you follows the detection process:

                     

                    1. Once malware is detected on the client system, it generates an event. The event also creates a file on the client. For my agents, that folder is actually C:\ProgramData\McAfee\Agent\AgentUploads.
                    2. Pressing "Send Events" from the Agent Monitor tells the client to send it now, rather than wait for the next server check-in.
                    3. Once the client finishes sending the event, that file should now exist on the ePO server, under <ePO installation folder>\DB\Events.
                    4. From there, it should disappear when it gets imported into the database.  If it disappears, then the event should be in the database, and you should be able to query it.

                     

                    Also, they're asking you to check your ePO Server Settings --> Event Filter, and verify that you're not filtering out malware events from reporting to the ePO server.