ePolicy 4.5 - Autodetect new systems

Hi

I'm looking to configure my installation of ePo 4.5 to automatically detect any new systems on our network, and then deploy the agent to these. What is the best way to do this? i've seen on a few forums that the Rogue System Detection is the way to go, but can't find any docs on how to configure it. I also have an AD sync running daily, so this might be another avenue to explore.

Any help would be greatly appreciated.
ITUCIRLAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
legalsrlConnect With a Mentor Commented:
OK, I've just re-read this post again for the nth time and found this

Thank you for the above,I have done the above, managed to get EPO to discover the machine and I have the deloyment (McAfee Agent) Client task set to run immediately. Left it over night, the machine is on the network and switched on, but the agent isnt being pushed out to the client.

This Client task needs to be VirusScan Enterprise deployment, not McAfee Agent (something I missed earlier)

Can you just check that there is no McAfee directory on the client under C:\Program Files ?

Cheers
Si
0
 
Pete LongTechnical ConsultantCommented:
i simply add the subnet to the collection - then it will detect the machiens as they come online
0
 
ITUCIRLAuthor Commented:
Thanks Pete

Would it be too much trouble to ask you to explain how i'd go about that?

I'm pretty much a novice with ePo!

Brian
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
legalsrlCommented:
Brian,
Are you looking to simply add machines to your ePO installation when they are joined to the network, or are you looking to be alerted of any machines connecting to your network ?

What you will need to do at a base level would be to do this;

1.  Go to My Organisation and highlight your AD domain
2.  Click Group Details, then Synchronisation Type
3.  Configure the Sync settings as required
4.  Push Agents to new systems when they are discovered

Once you have set this up, set up a Client Task at the root of your AD Group to deploy the AV etc and set that to run immediately

What I also do is to run a query every day for machines that have not communicated back to ePO within 3 days and then use those results to deploy a new agent to them

let me know if you need anything else

Cheers
Si


0
 
ITUCIRLAuthor Commented:
cool

I have that set up now. I'll add a new machine to the group tomorrow, and let you know how it goes.

Thanks!
0
 
BusinessSolutionsCommented:
Thank you for the above,I have done the above, managed to get EPO to discover the machine and I have the deloyment (McAfee Agent) Client task set to run immediately. Left it over night, the machine is on the network and switched on, but the agent isnt being pushed out to the client.

Any ideas?
0
 
legalsrlCommented:
Probably because epo already knows about it

Is it a new machine ?
Ta
Si
0
 
BusinessSolutionsCommented:
Yes i've just added it to the domain and EPO has found it after I did an AD sync. But it's not pushing out the Mcafee client agent even though there is client task for the container to deloy the agent.
0
 
legalsrlCommented:
OK, let's start by checking whether the credentials in the Synch Task with Deploy new agents are configured with the correct credentials


Can you dump the server task output for me ?

Cheers
Si
0
 
BusinessSolutionsCommented:
Here you go, doesnt really give you much info.
Server-Task-Log.csv
0
 
legalsrlCommented:
OK, let's check some basics to rule them out...

Can you browse to the C$ share of the machine from the ePO server ?
Is the firewall turned on ?
Can you deploy an agent to the machine manually from ePO ?
Can you browse to http://machinename:8081 ?

Cheers
Si
0
 
BusinessSolutionsCommented:
Ive managed to browse the C$ share of the machine i want to push the agent out to from the EPO server.

No firewall is turned on on the machine.

Yes if i manually deloy it deloys no problem.

From the EPO server i cannot browse to it via browser, but i can ping the hostname or ip address.
0
 
legalsrlCommented:
Autodeployment Screenshot Push Agent Screenshot
OK, I've attached 2 screenshots of how it should be configured, does yours match mine ?

Cheers
Si
0
 
BusinessSolutionsCommented:
Yup, all matching.
0
 
BusinessSolutionsCommented:
when i manually try to wake up the agent i look in the report and it says failed, when drilling down to find out why on the extended task details it says 1, waking up agent TESTRC2 using NetBIOS, 2, Unknown error contacting agent. 3, Wakeup agent failed.

But ive installed wireshark on the client in question and when i click on the wakeup agent, wireshark is picking up packets from my "EPO server ip":8080 and the client is sending back ACK's to it. So guessing it's not a layer 2 or 3 problem? Might be wrong though.
0
 
legalsrlCommented:
Ahhhhh....

Have you created a Server Task to actually RUN the synchronisation ?

Cheers
Si
0
 
BusinessSolutionsCommented:
Yeh in my Server tasks there is an AD sync,  see screenshot, or are you referring to some other sync?
server-tasks.JPG
0
 
legalsrlCommented:
Nope, that's the one.....

If you drill down in to the AD Sync Task from the Server Task Log, can you post what it says under the task ?

Cheers
Si
0
 
BusinessSolutionsCommented:
Here you go, the OU that the PC's im testing are in my organization\Test group
server-task-details.JPG
0
 
legalsrlCommented:
OK, looks interesting....the sync is working fine, but the autodeployment is not....

Can we delete the test machine from AD, run the Server Sync Task and then join the machine to the domain under a different name ?

Cheers
Si
0
 
BusinessSolutionsCommented:
Ok deleted machine from AD, removed client from domain, ran EPO server sync task. Renamed the client placed the client in the test OU within AD, ran the sync again and EPO is showing the new machine name TESTRC3.  (see screenshots)

But yet again autodeployment is not working. ive made sure that windows firewall is turned off and made sure the windows fireewall/Internet connection sharing (ICS) service is stopped.
server-audit-log.JPG
system-tree.JPG
0
 
BusinessSolutionsCommented:
Hi,

Im looking at the client task now and ive got (see screenshots) no VirusScan enterprise deployment
client-task.JPG
0
 
BusinessSolutionsCommented:
and here are my current client tasks under my test group.
client-tasks.JPG
0
 
BusinessSolutionsCommented:
sorry for the 3rd post, didnt mean to submit each time,

I have no mcafee directory within my C:\program files\
0
 
legalsrlCommented:
OK, on the page after the Product Deployment (McAfee Agent), presumably you have the option to choose what software needs to be deployed....this is where I'd expect to see VirusScan Enterprise as an option.....

Go back in to the Server Task Log and in to the AD Sync task that added the new machine and click on the Subtasks button (next to where it says Log Messages) and drill down in to the next tasks and drag the logs out of all of the tasks that you see

Cheers
Si
0
 
BusinessSolutionsCommented:
Yeh sorry i got McAfee agent for windows 4.0.0 Install, HIPS Install and VirusScan Enterprise 8.5.0 Install all are set to install under my client task.

Interesting ive drilled down and ive found this but im on the EPO server and i can browse to the client's C$ share. see screenshot, ive also attached screenshot of the failed to push agent to my client.
remote-network-path.JPG
failed-to-push-agent.JPG
0
 
legalsrlCommented:
Interesting.....

This is normally a firewall issue but you can ping the client, and access the C$ Share....can you access the ADMIN$ share ?

Can you retype the credentials that you use to deploy the Agent in the Sync Task setting

What Client OS are we talking ?

Cheers
Si


0
 
BusinessSolutionsCommented:
yes to the admin$ share yes to the C$ share. Client is running win xp sp3.

Interesting, ive removed it from the domain, changed the name of the client to TESTRC5 and placed back on the domain and now it's deployed the agent? What would have changed for EPO to push out the client now?
0
 
legalsrlCommented:
ePO might have already known about it's SID, or GUID of the machine.....

The way it's set  up should work for all new machines....

Remove the agent from it

Run NewSid on the machine

and give it a new name and  new SID and then join it to the domain again

Let me know what happens

Cheers
Si
0
 
BusinessSolutionsCommented:
It seems like it will try to add it once and never try to add the agent to the client again after it's failed. Because when i readd it to the domain as a new name and SID it pushes it out just fine. I have set the client task to run immediately and have ticked it to run at every windows enforcement. but it only tries the once.
0
 
legalsrlCommented:
Yes, that's correct......the task will only run once when it's sync'd...

To combat this, I normally write a query to deploy a new agent to machines that haven't checked in to ePO ever and then deploy a new agent on the back of that query

Glad it's working normally though :-)

Cheers
Si
0
 
BusinessSolutionsCommented:
I have found the solution!!!!!!!

Basically when i place a machine on the domain it takes a few mins to flush the dns on the EPO server. I found that when it was trying to push out the agent to the client I couldnt ping the client name only the address so figured it was a dns issue, sure enough when i flushed the DNS on the EPO it ping'd the client name it resolved the IP. The reason i didnt figure this out before was because when i was pinging the client after EPO tried to push out the agent the dns had added this entry already.

So now ive scheduled a task on the EPO server to flush the DNS every 5 mins.

Thank you for all your help Legalsrl, you have been more than helpful!!!!!!!! You're a star!
0
 
legalsrlCommented:
No worries, well spotted.....glad it all works :-)

Cheers for the points
Ta
Si
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.