McAfee logs query

Posted on 2009-04-18
Last Modified: 2013-12-09
Hi All,

We are running McAfee EPO 4.0 Server

If I get a virus on a machine, then I am sent a notification message. However, is there any way to check via the EPO what has happened to the virus (deleted by McAfee etc) or do I actually have to log onto the client and check the local McAfee log?

Question by:Joe_Budden

    Expert Comment

    Hi Joe, if you click on Reporting on the Tab in ePO, then you can run a bunch of reports that tell you what McAfee did with it, cheers Si

    If you click on the reporting

    Author Comment

    Hi Again Si!

    Thanks...I've actually gone to McAfee > Reporting > Report > Query Builder (Filter) but can't see the Event I need to specify to show what McAfee has done with this? Or am I looking in the wrong place?

    Also - I also have a notification set up for 'Virus Detected and Not removed' but, again, I'd like to incorporate what McAfee did with the virus (delete, not delete etc) but can't find the option?

    Thanks again for the help!

    Accepted Solution

    Hi Joe,

    Go to Reporting, Notification Rules
    New Rule, call it Tell me when there's a detection and it's removed
    Choose the VirusScan product and then put a check in the box for "Virus Detected and Removed" and complete the wizard

    Do the same for a not removed rule....

    You can also create a report that is emailed to you of the detections in the last 24 hours and the results;

    Have a play with the Threat Handled & Action Taken columns


