Antivirus client task question

Posted on 2014-10-24
Last Modified: 2014-10-27
Hi Experts,

I just finished the deployment of ePO 5.1 and pushed the av client to all laptops in my organization. next step will be setup client task to perform scan on all laptops, however I have a question

If we schedule for the evening, what is the behavior if the system is not up?  When scheduled scan is missed, will it run on next startup or not at all?

Please advise
Question by:Jerry Seinfield

Author Comment

by:Jerry Seinfield
ID: 40402951
Any updates?
LVL 48

Accepted Solution

dbrunton earned 250 total points
ID: 40403632

Do set the option for "run missed task" on a 5 to 10 minute delay, when creating an On-Demand Scan task. This will ensure that systems which are "offline" when the task is set to invoke, will run the task the next time the system is available. At the same time, this will allow a user to login and start applications as normal, prior to a system scan running. Of course, this will cause a scan to run while a user is active, so the administrator must decide if the added security is worth any potential performance impact.

If you do that you'll get the scan occurring if it is missed.

Note:  I'm presuming this option is available if you are using epo.
LVL 62

Assisted Solution

btan earned 250 total points
ID: 40403949
First good to know what may cause the agent not to be installed as in below. Minimally, below must enable all of the following on the client and the Microsoft Windows networking environment. The credentials used for the push (from the ePO server or remote Agent Handler) must have local administrative rights on the client. Additionally, you will need to disable User Account (UAC) in Windows to successfully push an agent from ePO.

• Network protocols and ports required for machine name resolution
• ADMIN$ share
• File and Print sharing
• Server service
• Remote Registry service

So taking that out of the equation that the machine met this, rightfully McAfee ePO will can import your systems from AD and subsequently push agents from the McAfee ePO server using the remote deployment functionality. Use server tasks to run remote deployment at a specific interval, such as once per day.  Particularly, this process requires the target machine must be turned on. Just because the machine exists in Active Directory does not mean it is turned on and active on your network. During the push from the McAfee ePO server if the machine is not connected to the network then the push fails.

As in the guide (pg 55) also, the Client Task Assignment Builder page, you can see in the Schedule tab the below setting to configured such as - specifically note the "Run missed task" as a means to retry
• Schedule status — Enabled
• Schedule type — Daily
• Effective period — Select No end date
• Start time — Set to start at 9:00 AM, click Run at that time, and then repeat for, then set to 4 hour(s).
• Options — Select Enable randomization and set to 3 hour(s) 59 minute(s)
• Options — Select Run missed task and set to 10 minute delay. Once a system is connected to the managed network, after a 10 minute delay, the update packages are added to the system

but do note the known limitation and hotfixes for ePO 5.1

e.g. Issue: Agent to Server communication fails after upgrading to ePO 5.1.
Workaround: See the KnowledgeBase article for details. KB79889
e.g. Issue: The Agent Deployment server task does not expire when it cannot reach the client computer.
Workaround: See the KnowledgeBase article for details. KB79875
e.g. Issue: You are unable to install a remote Agent Handler to a Windows 2012 R2 system.
Workaround: See the KnowledgeBase article for details. KB80065
e.g. Issue: After upgrading to ePO 5.1, the System Tree displays a blank screen.
Workaround: See the KnowledgeBase article for details. KB79827
e.g Issue: The Wake Up Agent Remote command could hang when run after upgrading from ePO 5.0.0 to 5.1.0.

other info which you may also know..

We can also creates a new client events summary query. It displays events sent from each McAfee Agent to McAfee ePO. Items like update complete, update failed, deployment completed, or encryption started are considered client events.

In particular to finding inactive system, you can create a query and report to filter out systems that have not communicated with the McAfee ePO server in X number of days. Or your query and report can delete or automatically move these systems. It is more efficient to either delete or automatically move these inactive systems. Most organizations choose a deadline of between 14 and 30 days of no communication to delete or move systems.

For example, if a system has not communicated with the McAfee ePO server after that deadline you can delete or move that system to a group in your tree that you can designate as, for example, Inactive Agents. A preconfigured Inactive Agent Cleanup Task already exists, disabled by default, that you can edit and enable on your server.

See best practice pdf (for 5.0 though but should still be applicable)

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
If you want to move up through the ranks in your technology career, talent and hard work are the bare necessities. But they aren’t enough to make you stand out. Expanding your skills, actively promoting your accomplishments and using promotion st…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: (…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now