cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
vnaidu
MVP
Report Inappropriate Content
Message 1 of 5
‎09-24-2020 03:23 AM

ENS 10.7 July Update ODS

Jump to solution

Dear All,

We have scheduled a monthly on demand scan for all the work stations and servers, however we are unable to get the accurate number of machines where the scan is successfully completed. Our requirement is to get the accurate number of machines which completed the ODS successfully.

The event IDS 1202 nd 1203 are not giving the accurate numbers, and also the KB69428 is not much help.

Kindly help us to meet our requirement. We would like to receive a report with accurate number of machines that completed the scan.

 

TIA

Venu
0 Kudos
Reply
1 Solution

Accepted Solutions
AdithyanT
Employee
Employee
Report Inappropriate Content
Message 4 of 5
‎09-27-2020 11:26 PM

Re: ENS 10.7 July Update ODS

Jump to solution

Hi @vnaidu,

edit: corrected typos.

To improve accuracy (1203 event can be generated by a right click scan or an unscheduled On demand scan performed on the machines), you can add your task name as one of the filters! This, should improve the accuracy of your report!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

0 Kudos
Reply
4 Replies
ryadav1
Employee
Employee
Report Inappropriate Content
Message 2 of 5
‎09-24-2020 05:28 PM

Re: ENS 10.7 July Update ODS

Jump to solution

Hello @vnaidu ,

Let us make sure that below things are in place and then we can create a query from ePO .

> Check in the ePO whether event filtering 1202/1203 was already checked. [Menu>Configuration>Server Settings.]

> Check the ENS common policy and ensure that Event Logging  [Under Client Logging section] for ODS is set to "ALL".

Configure a report for ENS 1203 events:

  1. Click Menu, Queries & Reports.
  2. Click New Query.
  3. Under Feature Group click Events.
  4. Click Threat Events and click Next.
  5. Click Table in the Display Results As table and click Next.
  6. Remove both selected columns by clicking the X in the top right of the boxes.
  7. Add the following Available Columns:
    • System Name
    • Event Generated Time
  8. Click Next.
  9. Add the following Available Properties:
     
    Event ID Equals 1203
    Product Version (Endpoint Security Threat Prevention) Greater than or equals 10
    On-Demand Full Scan Date Is within the last 1 Weeks (or select On-Demand Quick Scan Date if desired)
     
  10. Click Save.
  11. For Query Name type a name such as ENSTP On-Demand Full/Quick Scan Completed.
  12. Add the query to any Query Group and click Save.

Hope this helps .

Thank you ,

Rajesh

McAfee Support 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reply
vnaidu
MVP
Report Inappropriate Content
Message 3 of 5
‎09-24-2020 08:43 PM

Re: ENS 10.7 July Update ODS

Jump to solution

Dear @ryadav1 ,

We already tried this way, but the results are not accurate and hence I thought of posting it here. Do we have any alternate way of achieving this task?

May be script or a commandline, that could help us track the ODS completion?

 

TIA

Venu
0 Kudos
Reply
AdithyanT
Employee
Employee
Report Inappropriate Content
Message 4 of 5
‎09-27-2020 11:26 PM

Re: ENS 10.7 July Update ODS

Jump to solution

Hi @vnaidu,

edit: corrected typos.

To improve accuracy (1203 event can be generated by a right click scan or an unscheduled On demand scan performed on the machines), you can add your task name as one of the filters! This, should improve the accuracy of your report!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 5
‎10-01-2020 01:19 AM

Re: ENS 10.7 July Update ODS

Jump to solution

Oh, that is nice!

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC