Problem

After you apply ePO 5.10 Update 5, the product version property for point products might not update correctly when the point product is upgraded. This issue is most commonly seen with the McAfee Agent version, but can also affect other point products.

An example sequence of events might be:

  1. Upgrade a McAfee Agent 5.5.1 client system successfully to McAfee Agent 5.6.2.
  2. The local About screen and all file version information correctly show McAfee Agent 5.6.2.
  3. The ePO console continues to report McAfee Agent 5.5.1.

Solution

This issue will be resolved with “Update 6” package.

Workaround

This problem is intermittent. The next time the McAfee Agent submits its version information, it might update correctly. But, in normal agent-to-server communications, the agent does not resubmit its version information, because it has not changed since the last communication.
As a workaround, you can schedule a client task on the affected clients to run a wakeup call and submit their full properties:

  1. Log on to the ePO Console.
  2. In the Client Task Catalog, create a new McAfee Agent client task.
  3. For the client task type, select McAfee Agent Wakeup.
  4. Under the Options section, make sure that you select Send all properties defined by the agent policy.
  5. Assign this task to the affected system.
  6. Schedule the task to run at regular intervals.

​Over time, the client systems will update their version information correctly. After the client systems update their version information, you can unassign this task from them.

How To CPU Throttling Limit maximum CPU usage for On Demand Scann for ENS

-CPU Throttling Limit maximum CPU usage
specify just how much CPU a running on-demand scan can consume.
Limit maximum CPU usage (Available only when Scan anytime is selected)
Need a fast scan: allocate a lot; Want to minimize impact on users: reduce it down.
Referance Video
https://www.youtube.com/watch?v=X79532FZCE0&feature=youtu.be

We will set CPU limit %30
1.
McAfee Epo Policy Catalog> Endpoint Security Threat Prevention : Policy Category > On-Demand Scan > On_Demand_Scan My Default
2. Select to Scan Anytime, then limit maximum will be active for selection.

3. Its important: If you want to set cpu limitation. You must send Policy based on demand Scan. i added screenshot number: 4

4. Default; Policy Based On-Demand Scan

Endpoint Security 10.7 is available

New Features  

–  NEW Rollback Remediation This is massive and is one of McAfee’s key differentiators as raised by analysts. Should a piece of malware successfully evade detection, and start encrypting files, once we detect this activity and convict to bad actor, we no longer require customers to turn to backups. Now we can recover files to their previous state by rolling back changes – Simple, fast, and automatic.
Video
https://www.youtube.com/watch?v=OwJSZT2U4kM

-CPU Throttling Limit maximum CPU usage
specify just how much CPU a running on-demand scan can consume.
Limit maximum CPU usage (Available only when Scan anytime is selected)
Need a fast scan: allocate a lot; Want to minimize impact on users: reduce it down.
Video;
https://www.youtube.com/watch?v=X79532FZCE0&feature=youtu.be

NEW Story Graph – Detecting and blocking an attack is one side of the story. Understanding the impact and activities of the malware is the other. The story graph provides a visual representation of the activity of the malware.

Command line scanner – If customers are hanging on to VirusScan Enterprise because of this feature, there is no need to any longer.  Endpoint Security 10.7 ships with a command line scanner that allows existing scans to be controlled, and new ad hoc scans to be run.
Video:
https://www.youtube.com/watch?v=n7vZlOrretQ&feature=youtu.be


simple Installation – customers need now only to select a single package for installation and updating, rather than selecting individual components. This makes installation or updating 80% less admin effort, (where previously up to five packages were required).

McAfee Agent Option:

<Installation Path>\Common Framework\CmdAgent.exe /[P/E/C/F]

P – Collect and send properties to the server
E – Enforce policies locally
C – Check for new polices
F – Forward events to the server
S – Show agent monitor GUI
? – Help

Remove McAfee Agent:

“c:\Program Files\Network Associates\Common Framework\frminst.exe” /forceuninstall 

or

“<Installation Path>\Common Framework\frminst.exe” /forceuninstall

Option 1

·         Save at list the last two backup.

1.       Backup the database of ePO server:

a.       Open “Microsoft SQL Server Management Studio”, log in with “SA” user or user with full control on the ePO database.
b.      Expend <Server_name> -> expend databases.
c.       Right-click ePO_<Server_Name>, select All Tasks, Backup Database.
d.      In the Database field, select the ePO_<Server_Name> to be backed up.
e.      In the Name field, type a name for the backup set (example: ePO Master Backup).
f.        In the Description field, type a description of the backup (example: ePO Full Backup).
g.       Under the Backup Type, select Database – Full.

Continue reading

  • Only use Adaptive Mode temporarily on a small number of systems to aid in firewall rules or IPS exception tuning. Choose a representative system or small group of systems (3-5 at most) that represent the functional business units you are creating rules for.
    NOTE: This mode can create a large number of client rules on endpoint systems, and can cause significant overhead for the ePO server while processing excessive firewall client adaptive rules.

Continue reading