Antivirus client task question

Posted on 2014-10-24
Medium Priority
Last Modified: 2014-10-27
Hi Experts,

I just finished the deployment of ePO 5.1 and pushed the AV client to all laptops in my organization. The next step will be to set up a client task to perform a scan on all laptops; however, I have a question.

If we schedule for the evening, what is the behavior if the system is not up? When a scheduled scan is missed, will it run on next startup or not at all?

Please advise.
Question by:Jerry Seinfield

Author Comment

by:Jerry Seinfield
ID: 40402951
Any updates?

Accepted Solution

dbrunton earned 1000 total points
ID: 40403632
From http://www.mcafee.com/us/microsites/sns-jnl/2014-08-vse-jnl.html

Do set the option for "run missed task" on a 5 to 10 minute delay, when creating an On-Demand Scan task. This will ensure that systems which are "offline" when the task is set to invoke, will run the task the next time the system is available. At the same time, this will allow a user to login and start applications as normal, prior to a system scan running. Of course, this will cause a scan to run while a user is active, so the administrator must decide if the added security is worth any potential performance impact.

If you do that you'll get the scan occurring if it is missed.

Note: I'm presuming this option is available if you are using ePO.

Assisted Solution

btan earned 1000 total points
ID: 40403949
First, it is good to know what may cause the agent not to be installed, as below. Minimally, all of the following must be enabled on the client and in the Microsoft Windows networking environment. The credentials used for the push (from the ePO server or remote Agent Handler) must have local administrative rights on the client. Additionally, you will need to disable User Account Control (UAC) in Windows to successfully push an agent from ePO.

• Network protocols and ports required for machine name resolution
• ADMIN$ share
• File and Print sharing
• Server service
• Remote Registry service

So, taking that out of the equation (that the machine met this), rightfully McAfee ePO can import your systems from AD and subsequently push agents from the McAfee ePO server using the remote deployment functionality. Use server tasks to run remote deployment at a specific interval, such as once per day. Particularly, this process requires that the target machine be turned on. Just because the machine exists in Active Directory does not mean it is turned on and active on your network. During the push from the McAfee ePO server, if the machine is not connected to the network then the push fails.

As in the guide (pg 55) also, on the Client Task Assignment Builder page, you can see in the Schedule tab the settings to be configured as below. Specifically, note the "Run missed task" option as a means to retry:
• Schedule status — Enabled
• Schedule type — Daily
• Effective period — Select No end date
• Start time — Set to start at 9:00 AM, click Run at that time, and then repeat for, then set to 4 hour(s).
• Options — Select Enable randomization and set to 3 hour(s) 59 minute(s)
• Options — Select Run missed task and set to 10 minute delay. Once a system is connected to the managed network, after a 10 minute delay, the update packages are added to the system

But do note the known limitations and hotfixes for ePO 5.1:

e.g. Issue: Agent to Server communication fails after upgrading to ePO 5.1.
Workaround: See the KnowledgeBase article for details. KB79889
e.g. Issue: The Agent Deployment server task does not expire when it cannot reach the client computer.
Workaround: See the KnowledgeBase article for details. KB79875
e.g. Issue: You are unable to install a remote Agent Handler to a Windows 2012 R2 system.
Workaround: See the KnowledgeBase article for details. KB80065
e.g. Issue: After upgrading to ePO 5.1, the System Tree displays a blank screen.
Workaround: See the KnowledgeBase article for details. KB79827
e.g. Issue: The Wake Up Agent Remote command could hang when run after upgrading from ePO 5.0.0 to 5.1.0.

Other info which you may also know:

We can also create a new client events summary query. It displays events sent from each McAfee Agent to McAfee ePO. Items like update complete, update failed, deployment completed, or encryption started are considered client events.

In particular, for finding inactive systems, you can create a query and report to filter out systems that have not communicated with the McAfee ePO server in X number of days. Or your query and report can delete or automatically move these systems. It is more efficient to either delete or automatically move these inactive systems. Most organizations choose a deadline of between 14 and 30 days of no communication to delete or move systems.

For example, if a system has not communicated with the McAfee ePO server after that deadline you can delete or move that system to a group in your tree that you can designate as, for example, Inactive Agents. A preconfigured Inactive Agent Cleanup Task already exists, disabled by default, that you can edit and enable on your server.

See best practice pdf (for 5.0 though but should still be applicable)
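
The client-side prerequisites listed in the answer above (Server service, Remote Registry service, ADMIN$ share, File and Print sharing) can be checked locally on a laptop when a push fails. The PowerShell below is an added example, not part of the original thread or of McAfee's tooling; the function name `Test-AgentPushPrerequisite` is hypothetical. It assumes Windows 8 / Server 2012 or later, an elevated session and an English display language for the firewall group name; name resolution and the push credentials are not checked.

```powershell
# Added example (not from the thread): local check of the push prerequisites.
# Test-AgentPushPrerequisite is a hypothetical name. Run elevated on the client.
function Test-AgentPushPrerequisite {
    [CmdletBinding()]
    param()

    $results = @()

    # Server service (LanmanServer) and Remote Registry service must be running.
    foreach ($name in 'LanmanServer', 'RemoteRegistry') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $results += [pscustomobject]@{
            Check  = "Service $name"
            Pass   = ($null -ne $svc) -and ($svc.Status -eq 'Running')
            Detail = if ($svc) { "Status=$($svc.Status)" } else { 'service not found' }
        }
    }

    # ADMIN$ administrative share must exist (single quotes stop $ expansion).
    $share = Get-SmbShare -Name 'ADMIN$' -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check  = 'Share ADMIN$'
        Pass   = $null -ne $share
        Detail = if ($share) { "Path=$($share.Path)" } else { 'share not found' }
    }

    # File and Print sharing: at least one enabled inbound firewall rule in the
    # group. The display group name is localized; this assumes English Windows.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
    $results += [pscustomobject]@{
        Check  = 'Firewall: File and Printer Sharing (inbound)'
        Pass   = $rules.Count -gt 0
        Detail = "$($rules.Count) enabled inbound rule(s)"
    }

    $results
}

# Failed checks first, so the blocking item is at the top of the table.
Test-AgentPushPrerequisite | Sort-Object Pass | Format-Table -AutoSize
```

An enabled firewall rule only applies to the network profiles it is scoped to, so a passing firewall row still needs the rule's profile compared with the laptop's active profile.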
