Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Antivirus client task question

Posted on 2014-10-24
3
Medium Priority
?
1,048 Views
Last Modified: 2014-10-27
Hi Experts,

I just finished the deployment of ePO 5.1 and pushed the av client to all laptops in my organization. next step will be setup client task to perform scan on all laptops, however I have a question

If we schedule for the evening, what is the behavior if the system is not up?  When scheduled scan is missed, will it run on next startup or not at all?

Please advise
0
Comment
Question by:Jerry Seinfield
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Author Comment

by:Jerry Seinfield
ID: 40402951
Any updates?
0
 
LVL 49

Accepted Solution

by:
dbrunton earned 1000 total points
ID: 40403632
From http://www.mcafee.com/us/microsites/sns-jnl/2014-08-vse-jnl.html

Do set the option for "run missed task" on a 5 to 10 minute delay, when creating an On-Demand Scan task. This will ensure that systems which are "offline" when the task is set to invoke, will run the task the next time the system is available. At the same time, this will allow a user to login and start applications as normal, prior to a system scan running. Of course, this will cause a scan to run while a user is active, so the administrator must decide if the added security is worth any potential performance impact.

If you do that you'll get the scan occurring if it is missed.

Note:  I'm presuming this option is available if you are using epo.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points
ID: 40403949
First good to know what may cause the agent not to be installed as in below. Minimally, below must enable all of the following on the client and the Microsoft Windows networking environment. The credentials used for the push (from the ePO server or remote Agent Handler) must have local administrative rights on the client. Additionally, you will need to disable User Account (UAC) in Windows to successfully push an agent from ePO.

• Network protocols and ports required for machine name resolution
• ADMIN$ share
• File and Print sharing
• Server service
• Remote Registry service

So taking that out of the equation that the machine met this, rightfully McAfee ePO will can import your systems from AD and subsequently push agents from the McAfee ePO server using the remote deployment functionality. Use server tasks to run remote deployment at a specific interval, such as once per day.  Particularly, this process requires the target machine must be turned on. Just because the machine exists in Active Directory does not mean it is turned on and active on your network. During the push from the McAfee ePO server if the machine is not connected to the network then the push fails.

As in the guide (pg 55) also, the Client Task Assignment Builder page, you can see in the Schedule tab the below setting to configured such as - specifically note the "Run missed task" as a means to retry
• Schedule status — Enabled
• Schedule type — Daily
• Effective period — Select No end date
• Start time — Set to start at 9:00 AM, click Run at that time, and then repeat for, then set to 4 hour(s).
• Options — Select Enable randomization and set to 3 hour(s) 59 minute(s)
• Options — Select Run missed task and set to 10 minute delay. Once a system is connected to the managed network, after a 10 minute delay, the update packages are added to the system

but do note the known limitation and hotfixes for ePO 5.1
https://kc.mcafee.com/corporate/index?page=content&id=KB79062

e.g. Issue: Agent to Server communication fails after upgrading to ePO 5.1.
Workaround: See the KnowledgeBase article for details. KB79889
e.g. Issue: The Agent Deployment server task does not expire when it cannot reach the client computer.
Workaround: See the KnowledgeBase article for details. KB79875
e.g. Issue: You are unable to install a remote Agent Handler to a Windows 2012 R2 system.
Workaround: See the KnowledgeBase article for details. KB80065
e.g. Issue: After upgrading to ePO 5.1, the System Tree displays a blank screen.
Workaround: See the KnowledgeBase article for details. KB79827
e.g Issue: The Wake Up Agent Remote command could hang when run after upgrading from ePO 5.0.0 to 5.1.0.

other info which you may also know..

We can also creates a new client events summary query. It displays events sent from each McAfee Agent to McAfee ePO. Items like update complete, update failed, deployment completed, or encryption started are considered client events.

In particular to finding inactive system, you can create a query and report to filter out systems that have not communicated with the McAfee ePO server in X number of days. Or your query and report can delete or automatically move these systems. It is more efficient to either delete or automatically move these inactive systems. Most organizations choose a deadline of between 14 and 30 days of no communication to delete or move systems.

For example, if a system has not communicated with the McAfee ePO server after that deadline you can delete or move that system to a group in your tree that you can designate as, for example, Inactive Agents. A preconfigured Inactive Agent Cleanup Task already exists, disabled by default, that you can edit and enable on your server.

See best practice pdf (for 5.0 though but should still be applicable)
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24875/en_US/ePO_500_best_practices_en-us.pdf
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question