  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 670

McAfee logs query

Hi All,

We are running McAfee EPO 4.0 Server

If I get a virus on a machine, then I am sent a notification message. However, is there any way to check via the EPO what has happened to the virus (deleted by McAfee etc.) or do I actually have to log onto the client and check the local McAfee log?

Thanks!
Asked: Joe_Budden
1 Solution
 
legalsrl Commented:
Hi Joe, if you click on Reporting on the tab in ePO, then you can run a bunch of reports that tell you what McAfee did with it. Cheers, Si

If you click on the reporting
 
Joe_Budden (Author) Commented:
Hi Again Si!

Thanks... I've actually gone to McAfee > Reporting > Report > Query Builder (Filter) but can't see the Event I need to specify to show what McAfee has done with this? Or am I looking in the wrong place?

Also - I also have a notification set up for 'Virus Detected and Not removed' but, again, I'd like to incorporate what McAfee did with the virus (delete, not delete etc) but can't find the option?

Thanks again for the help!
 
legalsrl Commented:
Hi Joe,

Go to Reporting, Notification Rules
New Rule, call it Tell me when there's a detection and it's removed
Choose the VirusScan product and then put a check in the box for "Virus Detected and Removed" and complete the wizard

Do the same for a not removed rule....

You can also create a report that is emailed to you of the detections in the last 24 hours and the results;

Have a play with the Threat Handled & Action Taken columns

Cheers
Si


