The on-access scanner reports a disabled status to ePolicy Orchestrator but shows as enabled on the client

技术文章 ID: KB84191
上次修改时间: 7/2/2019

环境

McAfee ePolicy Orchestrator (ePO) 5.x
McAfee VirusScan Enterprise (VSE) 8.8

问题

The VSE on-access scanner (OAS) status is disabled in ePO, but enabled on the endpoint.

原因

When changes are made to the timing for when the McAfee Agent is to perform an ASCI, with property collection selected, it introduces a timing-based behavior. This behavior is undesirable.

From the data gathered during startup, the McAfee Agent might determine that the VSE scanner is disabled while it continues to initialize. The McAfee Agent only displays the enabled and disabled statuses; it does not have a status to indicate that it is “still starting.”

Even though VSE appears as disabled in ePO, the scanner completes the initialization at the client and is fully functional.
Although accurate data is being provided to ePO at the time, it is temporarily out of sync with the client system. The ePO only receives a different status (the correct status) when the next ASCI occurs.

解决方案

Both ePolicy Orchestrator and VirusScan Enterprise are working as designed.

解决方法

If you rely on OAS Status reports, the product development team recommends that you wait until after endpoints have performed at least one more ASCI since startup.

You can force a property collection, but this action might incur unwanted network traffic. To reduce this impact, you can handle the property collection in groups and run the associated OAS Status report based on those groups.

Or, you can set the McAfee Agent services to delay-start. This action allows VSE more time to complete initialization before the ASCI and property collection occur.

To create an agent Wakeup call task to send an incremental property update with a two-minute delay, perform the following steps:

Log on to the ePO console.
Go to the System Tree, My Organization, Assigned Client Tasks, and select New Client Task Assignment.
Select McAfee Agent as the Product, McAfee Agent Wakeup as the Task Type, and click Create New Task.
Name the task and select Send only properties that have changed since the last agent-server communication.
Click Save and Next.
Select At system startup for the Schedule type.
Enter 2 in the "Delay this task by" field.
Click Next and Save.
Assign the task to all clients.

受影响的产品

ePolicy Orchestrator 5.9
ePolicy Orchestrator 5.10.x
VirusScan Enterprise 8.8

语言:

此文章有以下语言版本：

German
English United States
Spanish Spain
French
Italian
Japanese
Portuguese Brasileiro
Chinese Simplified

技术术语词汇表

突出显示词汇表术语

请花点时间浏览一下我们的技术术语词汇表。

Knowledge Center

The on-access scanner reports a disabled status to ePolicy Orchestrator but shows as enabled on the client

环境

问题

原因

解决方案

解决方法

受影响的产品

语言:

技术术语词汇表

Title

Title

Knowledge Center

The on-access scanner reports a disabled status to ePolicy Orchestrator but shows as enabled on the client

环境

问题

原因

解决方案

解决方法

受影响的产品

语言:

技术术语词汇表

选择您的区域

Title

Title