McAfee logs query

Hi All,

We are running McAfee EPO 4.0 Server

If I get a virus on a machine, then I am sent a notification message. However, is there anyway to check via the EPO what has happened to the virus (deleted by McAfee etc) or do I actually have to log onto the client and check the local McAfee log?

Thanks!
LVL 1
Joe_BuddenAsked:
Who is Participating?
 
legalsrlConnect With a Mentor Commented:
Hi Joe,

Go to Reporting, Notification Rules
New Rule, call it Tell me when there's a detection and it's removed
Choose the VirusScan product and then put a check in the box for "Virus Detected and Removed" and complete the wizard

Do the same for a not removed rule....

You can also create a report that is emailed to you of the detections in the last 24 hours and the results;

Have a play with the Threat Handled & Action Taken columns

Cheers
Si



0
 
legalsrlCommented:
Hi Joe, if you click on Reporting on the Tab in ePO, then you can run a bunch of reports that tell you what McAfee did with it, cheers Si

If you click on the repoirting
0
 
Joe_BuddenAuthor Commented:
Hi Again Si!

Thanks...I've actually gone to McAfee > Reporting > Report > Query Builder (Filter) but can't see the Event I need to specify to show what  McAfee has done with this? Or am I looking in the wrong place?

Also - I also have a notification set up for 'Virus Detected and Not removed' but, again, I'd like to incorporate what McAfee did with the virus (delete, not delete etc) but can't find the option?

Thanks again for the help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.