ePO Questions

[dshai527]

If anyone can answer any of these questions I would greatly appreciate it. We have gotten everything running but just some odd events are causing us problems. #4 is the most important. Has anybody experienced any of this before. McAfee seemed puzzled by the database redundancy issue. I can get more specific if anyone needs me to. Thanks.

Questions for McAfee
1.Why does the TASK-Upgrade put an extra / in the user name causing it not to work?

2.What is the easiest way to fix SPIPE errors in the server events?

3.Why are the old DATS not updating on all machines? Why are policies not being enforced? (A machine was asked to install 4.5.1 and it did not, even though it reported back multiple times.

4.Why are duplicate entries appearing when a machine is upgraded or why are duplicate numbers appearing in the reports at all? It seems that a machine that has an older version removed from it still reports the older version along with the newer version. This does not affect the directory tree, just the reports. Also why are some machines saying no AV is installed when the current version is running on that machine?

5.Where does the agent get its information on the client machine, e.g. registry, program and where does the reports get their information from? How does the database work? Can this database be refreshed?

6.Where can we find a complete list of all event codes? We are seeing some events that have no definition, like 2232.

7.How does Alert Manager work? Does any additional software need to be installed on the server? We would like to use this feature.

8.Why do some computers not filter into the proper tree or change in the directory when nobody has moved them?

9.Is there any way to keep users from turning off or uninstalling the McAfee service or agent?

10. What is the best way to do an upgrade/update task? Or how long should the task run before it is turned off? Does keeping it running hurt anything?

11.How long should a policy run before it is turned off?

12.Is there anyway to have the agent ask for the new IP address of a host system after installation? Or can we manually change the IP without having to uninstall and reinstall the agent.

13.When I run the Integrity check on the domain, why do I sometimes get a single computer as a problem? It says that it is a duplicate, but it lists only one computer. Where is the duplicate?

 

[AVDude]

Hi

What version of ePO are u running? Cheers
AVDude

 

[dshai527]

We are running version 2.5.1.213. Sorry, I meant to add that in.

 

[AVChap]

dshai527,

1. There's a hotfix for this (HF3 I think) to correct this. Ask your sales rep.

2. SPIPE errors are caused when the agent cannot authenticate to the server. Just remove the machine from the ePO tree and the agent will re-initialize the agent ID in the server.

3. Check if you enfored the policy at the correct level. It may have been enforced on a different group or just an individual machine, not the site level.

4. What do you mean upgraded? Whenever you change either the NIC or the computer name, ePO will create a new entry. As for those machines being reported w/ no AV installed, just remove and reinstall the agent to re-initialize the information.

5. The agent gets information from the System Info and the registry. The reports get it from the ePO database. Refreshing the database depends on what you actually use.

6. Event codes you can get from your sales engineer.

7. Alert Manager recieves alerts from VS and NS and processes them for distribution. There's a PDF file in the CD that you got detailing how to configure AM. Nothing else needed to be installed.

8. Check the IP rules in the groups you created. Their IP addresses might not fall into those ranges.

9. Unless you only give them user-level rights on the machine. Am also waiting for this feature.

10. Really depends on your goal in running the task. If its an immediate task, once it finishes it does not affect the other tasks. No harm keeping a task defined even after it has been implemented or invoked.

11. No problem keeping a task running as long as it does not occur too frequently.

12. The agent checks the IP address and the computer name of the machine ON STARTUP. If there's any change, the agent sends the information to the ePO server. It doesn't matter if the IP address changes on the workstation. All the agent needs is the IP address of the ePO server.

13. Probably two or more machines have the same computer name. Run a query on duplicate machine names.

Hope this helps.

AVChap

 

[dshai527]

Thanks for the help, to clarify question #4.

What is hapopening is that we are changing from McAfee 4.0.3 on our field computers to the 4.5.1, however, when a report is run (like DAT/Definition deployement summary) each machine that was changed shows up twince in the reports throowing off the numbers. It shows up once for 4.5.1 and again for 4.0.3, but the 4.0.3 is stuck on the DAT is was at when it was removed from the computer. Removing the PC from the directory does not help this, it just repopulates and reports the same info. Even removing the agent and reinstalling does not help. Has this happened to anyone else? I have 1700 PC's but my reports show 2300 with 500 being out of date by 5 or more versions. Removing and reinstalling the agent also has no effect on the machines that are reporting NO AV.

 

[VictorySabre]

Hi dshai527,

I am running the same ePO version (2.5.1.213). I too have encountered your #4. I upgraded an older VirusScan version to a newer version, but performing a report generated both the old and new versions for the same PC.

What I did to get rid of it was from the directory, I chose to delete the computer and remove the ePO Agent. I then rebooted the computer in question and gave it about 1 hour. I then reissued an add computer and performed an ePO Agent install.

This seemed to have solved my problem, hopefully it will work for you.

As for #13, I encountered that similar problem before the ePO 2.5.1 (SP1) upgrade on my test environment. When I removed a computer from the directory along with the ePO Agent and at some point I add it back in and reinstall the ePO Agent, I encountered the duplicate entry while performing a directory integrity check even though there weren't any duplicate entries.

I e-mailed Mcafee support and they sent me a file and some instructions that cleans up the database. I ran their file and performed the instructions as they specified and it removed the mysterious computer entry.

When I proceeded to build my production ePO Server, I installed ePO 2.0 and then ePO 2.5.1 and it's been fine since. I've tried adding and removing clients back and forth with no issues. I don't even need to run Mcafee's directory repair tool. You should try and contact them and explain your situation and they'll send you the files needed to run.

Good luck!

Victory Sabre

 

[Guest_imported]

Has anyone come across this:
EPO 2.5.1.213,
Take a rather large domain, part in the UK part in US, the UK PCs use IP range 10.100.XXX.XXX the US PCs use 10.69.xxx.xxx

The PCs in the US are none of my business, I want to filter them out.

I create a domain in the ePO directory and set it up to filter for 10.100.xxx.xxx. Then I do an "Update Domain" and guess what, ePO completely ignores the IP rules, all the 10.69.xxx.xxx PCs are also retrieved. Also tried to create a site and a domain within the site with the same result.

Anyone come across this or has a solution?

 

[AVChap]

The Update Domain DOES NOT use the IP filters. IP filters are used in the groups and reports. If you want to exclude the US PCs, create a group with 10.69.xxx.xxx as the IP range and re-sort the domain. Then afterwards, create an site administrator account for the 10.69.xxx.xxx group so that all this administrator sees is this group.

Hope this helps.

AVChap