Solved

Antivirus client task question

Posted on 2014-10-24
Last Modified: 2014-10-27
Hi Experts,

I just finished the deployment of ePO 5.1 and pushed the AV client to all laptops in my organization. The next step will be to set up a client task to perform a scan on all laptops; however, I have a question.

If we schedule it for the evening, what is the behavior if the system is not up? When a scheduled scan is missed, will it run on next startup or not at all?

Please advise
0
Question by:Jerry Seinfield
3 Comments
 

Author Comment

by:Jerry Seinfield
ID: 40402951
Any updates?
0
 
LVL 47

Accepted Solution

by:
dbrunton earned 250 total points
ID: 40403632
From http://www.mcafee.com/us/microsites/sns-jnl/2014-08-vse-jnl.html

Do set the option for "run missed task" on a 5 to 10 minute delay, when creating an On-Demand Scan task. This will ensure that systems which are "offline" when the task is set to invoke, will run the task the next time the system is available. At the same time, this will allow a user to login and start applications as normal, prior to a system scan running. Of course, this will cause a scan to run while a user is active, so the administrator must decide if the added security is worth any potential performance impact.

If you do that you'll get the scan occurring if it is missed.

Note: I'm presuming this option is available if you are using ePO.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 40403949
First, it is good to know what may cause the agent not to be installed, as below. Minimally, all of the following must be enabled on the client and in the Microsoft Windows networking environment. The credentials used for the push (from the ePO server or remote Agent Handler) must have local administrative rights on the client. Additionally, you will need to disable User Account Control (UAC) in Windows to successfully push an agent from ePO.

• Network protocols and ports required for machine name resolution
• ADMIN$ share
• File and Print sharing
• Server service
• Remote Registry service

So, taking that out of the equation (the machine meets this), rightfully McAfee ePO can import your systems from AD and subsequently push agents from the McAfee ePO server using the remote deployment functionality. Use server tasks to run remote deployment at a specific interval, such as once per day. Particularly, this process requires that the target machine be turned on. Just because the machine exists in Active Directory does not mean it is turned on and active on your network. During the push from the McAfee ePO server, if the machine is not connected to the network, then the push fails.

As in the guide (pg 55) also, on the Client Task Assignment Builder page, you can see in the Schedule tab the settings below to be configured; specifically, note "Run missed task" as a means to retry:
• Schedule status — Enabled
• Schedule type — Daily
• Effective period — Select No end date
• Start time — Set to start at 9:00 AM, click Run at that time, and then repeat for, then set to 4 hour(s).
• Options — Select Enable randomization and set to 3 hour(s) 59 minute(s)
• Options — Select Run missed task and set to 10 minute delay. Once a system is connected to the managed network, after a 10 minute delay, the update packages are added to the system

But do note the known limitations and hotfixes for ePO 5.1:
https://kc.mcafee.com/corporate/index?page=content&id=KB79062

e.g. Issue: Agent to Server communication fails after upgrading to ePO 5.1.
Workaround: See the KnowledgeBase article for details. KB79889
e.g. Issue: The Agent Deployment server task does not expire when it cannot reach the client computer.
Workaround: See the KnowledgeBase article for details. KB79875
e.g. Issue: You are unable to install a remote Agent Handler to a Windows 2012 R2 system.
Workaround: See the KnowledgeBase article for details. KB80065
e.g. Issue: After upgrading to ePO 5.1, the System Tree displays a blank screen.
Workaround: See the KnowledgeBase article for details. KB79827
e.g. Issue: The Wake Up Agent Remote command could hang when run after upgrading from ePO 5.0.0 to 5.1.0.

Other info which you may also know:

We can also create a new client events summary query. It displays events sent from each McAfee Agent to McAfee ePO. Items like update complete, update failed, deployment completed, or encryption started are considered client events.

In particular, for finding inactive systems, you can create a query and report to filter out systems that have not communicated with the McAfee ePO server in X number of days. Or your query and report can delete or automatically move these systems. It is more efficient to either delete or automatically move these inactive systems. Most organizations choose a deadline of between 14 and 30 days of no communication to delete or move systems.

For example, if a system has not communicated with the McAfee ePO server after that deadline you can delete or move that system to a group in your tree that you can designate as, for example, Inactive Agents. A preconfigured Inactive Agent Cleanup Task already exists, disabled by default, that you can edit and enable on your server.

See the best practice PDF (for 5.0, though it should still be applicable):
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24875/en_US/ePO_500_best_practices_en-us.pdf
0
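
The agent-push prerequisites listed in the answer above (name resolution, File and Print sharing, ADMIN$ share, Server service, Remote Registry service), turned into a read-only pre-flight check. This is an added example, not part of the original thread or of McAfee's tooling; the function name and host names are hypothetical, and it assumes Windows PowerShell 5.1 on Windows 8.1/Server 2012 R2 or later, run under the same account that will be used for the push.

```powershell
# Added example: read-only readiness check before pushing an agent from ePO.
# Test-AgentPushReadiness is a hypothetical name. Requires Windows PowerShell 5.1
# (Get-Service -ComputerName is not available in PowerShell 6+).
function Test-AgentPushReadiness {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName
    )
    foreach ($c in $ComputerName) {
        $r = [ordered]@{
            Computer       = $c
            NameResolves   = $false
            Smb445Open     = $false
            AdminShare     = $false
            ServerService  = 'Unknown'
            RemoteRegistry = 'Unknown'
        }
        # Machine name resolution
        try { [void][System.Net.Dns]::GetHostAddresses($c); $r.NameResolves = $true } catch { }

        if ($r.NameResolves) {
            # File and Print sharing: SMB over TCP 445 must be reachable
            $r.Smb445Open = Test-NetConnection -ComputerName $c -Port 445 `
                -InformationLevel Quiet -WarningAction SilentlyContinue
        }
        if ($r.Smb445Open) {
            # ADMIN$ share reachable with the current (push) credentials
            $r.AdminShare = Test-Path -Path "\\$c\ADMIN`$"
            # Server service and Remote Registry service state on the target
            $services = @{ ServerService = 'LanmanServer'; RemoteRegistry = 'RemoteRegistry' }
            foreach ($svc in $services.GetEnumerator()) {
                try {
                    $r[$svc.Key] = (Get-Service -ComputerName $c -Name $svc.Value -ErrorAction Stop).Status.ToString()
                } catch { $r[$svc.Key] = 'QueryFailed' }
            }
        }
        # A host that is powered off or off-network fails at the first checks
        $r.Ready = $r.NameResolves -and $r.Smb445Open -and $r.AdminShare -and
                   $r.ServerService -eq 'Running' -and $r.RemoteRegistry -eq 'Running'
        [pscustomobject]$r
    }
}

# Constructed host names; replace with names exported from AD or the System Tree.
Test-AgentPushReadiness -ComputerName 'LAPTOP-EXAMPLE-01', 'LAPTOP-EXAMPLE-02' |
    Format-Table -AutoSize
```

Hosts that fail only the first two checks are most likely powered off or off the network, which is the case the "Run missed task" option and the daily deployment server task are meant to cover.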
