• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1115
  • Last Modified:

Antivirus client task question

Hi Experts,

I just finished the deployment of ePO 5.1 and pushed the av client to all laptops in my organization. next step will be setup client task to perform scan on all laptops, however I have a question

If we schedule for the evening, what is the behavior if the system is not up?  When scheduled scan is missed, will it run on next startup or not at all?

Please advise
Jerry Seinfield
Jerry Seinfield
2 Solutions
Jerry SeinfieldAuthor Commented:
Any updates?
From http://www.mcafee.com/us/microsites/sns-jnl/2014-08-vse-jnl.html

Do set the option for "run missed task" on a 5 to 10 minute delay, when creating an On-Demand Scan task. This will ensure that systems which are "offline" when the task is set to invoke, will run the task the next time the system is available. At the same time, this will allow a user to login and start applications as normal, prior to a system scan running. Of course, this will cause a scan to run while a user is active, so the administrator must decide if the added security is worth any potential performance impact.

If you do that you'll get the scan occurring if it is missed.

Note:  I'm presuming this option is available if you are using epo.
btanExec ConsultantCommented:
First good to know what may cause the agent not to be installed as in below. Minimally, below must enable all of the following on the client and the Microsoft Windows networking environment. The credentials used for the push (from the ePO server or remote Agent Handler) must have local administrative rights on the client. Additionally, you will need to disable User Account (UAC) in Windows to successfully push an agent from ePO.

• Network protocols and ports required for machine name resolution
• ADMIN$ share
• File and Print sharing
• Server service
• Remote Registry service

So taking that out of the equation that the machine met this, rightfully McAfee ePO will can import your systems from AD and subsequently push agents from the McAfee ePO server using the remote deployment functionality. Use server tasks to run remote deployment at a specific interval, such as once per day.  Particularly, this process requires the target machine must be turned on. Just because the machine exists in Active Directory does not mean it is turned on and active on your network. During the push from the McAfee ePO server if the machine is not connected to the network then the push fails.

As in the guide (pg 55) also, the Client Task Assignment Builder page, you can see in the Schedule tab the below setting to configured such as - specifically note the "Run missed task" as a means to retry
• Schedule status — Enabled
• Schedule type — Daily
• Effective period — Select No end date
• Start time — Set to start at 9:00 AM, click Run at that time, and then repeat for, then set to 4 hour(s).
• Options — Select Enable randomization and set to 3 hour(s) 59 minute(s)
• Options — Select Run missed task and set to 10 minute delay. Once a system is connected to the managed network, after a 10 minute delay, the update packages are added to the system

but do note the known limitation and hotfixes for ePO 5.1

e.g. Issue: Agent to Server communication fails after upgrading to ePO 5.1.
Workaround: See the KnowledgeBase article for details. KB79889
e.g. Issue: The Agent Deployment server task does not expire when it cannot reach the client computer.
Workaround: See the KnowledgeBase article for details. KB79875
e.g. Issue: You are unable to install a remote Agent Handler to a Windows 2012 R2 system.
Workaround: See the KnowledgeBase article for details. KB80065
e.g. Issue: After upgrading to ePO 5.1, the System Tree displays a blank screen.
Workaround: See the KnowledgeBase article for details. KB79827
e.g Issue: The Wake Up Agent Remote command could hang when run after upgrading from ePO 5.0.0 to 5.1.0.

other info which you may also know..

We can also creates a new client events summary query. It displays events sent from each McAfee Agent to McAfee ePO. Items like update complete, update failed, deployment completed, or encryption started are considered client events.

In particular to finding inactive system, you can create a query and report to filter out systems that have not communicated with the McAfee ePO server in X number of days. Or your query and report can delete or automatically move these systems. It is more efficient to either delete or automatically move these inactive systems. Most organizations choose a deadline of between 14 and 30 days of no communication to delete or move systems.

For example, if a system has not communicated with the McAfee ePO server after that deadline you can delete or move that system to a group in your tree that you can designate as, for example, Inactive Agents. A preconfigured Inactive Agent Cleanup Task already exists, disabled by default, that you can edit and enable on your server.

See best practice pdf (for 5.0 though but should still be applicable)

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now