Automating and Optimizing the ePO Workflow Flashcards
How can you address the problem of systems having the same GUID?
Enable the preconfigured “Duplicate Agent GUID - Clear error count” and “Duplicate Agent GUID - Remove systems that potentially use the same GUID” server tasks
These tasks will clear the error count and remove any systems with the same GUID, and assign the systems a new GUID
What is the concern regarding events in a large environment?
In large environments, many events are reported to the ePO server, potentially leading to rapid growth of the database.
The database size directly impacts the performance of the ePO server, so it is important to maintain a clean database
How should you determine how long to retain event information when configuring a purge task?
Based on corporate data retention policy
What are the recommended retention rates in the product guide?
- Audit Log - Purge after 6 months
- Client Events - Purge after 6 months
- Server Task Log - Purge after 6 months
- Threat Events - Purge every day
- SiteAdvisor Enterprise Events - Purge after 10 days
Why are SAE events only retained for 10 days (as per product guide recommendation)?
They aren’t included in the normal events table, and collect all URLs visited by managed systems, leading to a large amount of data being saved in environments with more than 10,000 systems
When should you schedule your purge events server task?
During non-business hours
What are some reasons that it may be preferable to purge client events by query?
This method can be helpful in a situation in which there is an excessive amount of a specific event in the database in a short time.
Why is it a good idea to configure a regular, automatic content pull for your ePO server?
This keeps your protection signatures up to date for McAfee products.
Pulling the latest DAT and content files keeps your protection signatures up to date for McAfee products like VirusScan Enterprise and HIPS
What are the primary steps for configuring an automatic content pull and replication?
- Pull content from McAfee into your Master Repository, which is always the ePO server.
- Replicate that content to your distributed repositories. This ensures that multiple copies of the content are available and remain synchronized. This also allows clients to update their content from their nearest repository
When are DAT files typically released?
3PM
How many times a day should you schedule your pull task, and at what times?
They should be scheduled at least once daily, but preferably 2 - 3 times in case something goes awry with one of the pull tasks.
They should be scheduled after 3PM, as that’s when DATs are usually released. If they’re scheduled earlier, then there will be no new content to pull
What are the two event numbers that are considered best practice to filter out?
1051 and 1059
1051 - Unable to scan password-protected file
1059 - Scan timed out
What percentage of the database can the “best practice” events make up of the total events stored in your database?
80%