Automating and Optimizing the ePO Workflow

Question 1

How can you address the problem of systems having the same GUID?

Answer 1

Enable the preconfigured “Duplicate Agent GUID - Clear error count” and “Duplicate Agent GUID - Remove systems that potentially use the same GUID” server tasks

These tasks will clear the error count and remove any systems with the same GUID, and assign the systems a new GUID

Question 2

What is the concern regarding events in a large environment?

Answer 2

In large environments, many events are reported to the ePO server, potentially leading to rapid growth of the database.

The database size directly impacts the performance of the ePO server, so it is important to maintain a clean database

Question 3

How should you determine how long to retain event information when configuring a purge task?

Answer 3

Based on corporate data retention policy

Question 4

What are the recommended retention rates in the product guide?

Answer 4

Audit Log - Purge after 6 months
Client Events - Purge after 6 months
Server Task Log - Purge after 6 months
Threat Events - Purge every day
SiteAdvisor Enterprise Events - Purge after 10 days

Question 5

Why are SAE events only retained for 10 days (as per product guide recommendation?)

Answer 5

They aren’t included in the normal events table, and collect all URLs visited by managed systems, leading to a large amount of data being saved in environments with more than 10,000 systems

Question 6

When should you schedule your purge events server task?

Answer 6

During non-business hours

Question 7

What are some reasons that it may be preferable to purge client events by query

Answer 7

This method can be helpful in a situation in which there is an excessive amount of a specific event in the database in a short time.

Question 8

Why is it a good idea to configure a regular, automatic content pull for your ePO server?

Answer 8

This keeps your protection signatures up to date for McAfee products.

Pulling the latest DAT and content files keeps your protection signatures up to date for McAfee products like VirusScan Enterprise and HIPS

Question 9

What are the primary steps for configuring an automatic content pull and replication

Answer 9

1. Pull content from McAfee into your Master Repository. which is always the ePO server
2. Replicate that content to your distributed repositories. This ensures that multiple copies of the content are available and remain synchronized. This also allows clients to update their content from their nearest repository

Question 10

When are DAT files typically released?

Answer 10

3PM

Question 11

How many times a day should you schedule your pull task, and at what times?

Answer 11

They should be scheduled at least once daily, but preferably 2 - 3 times in case something goes awry with one of the pull tasks.

They should be scheduled after 3PM, as that’s when DATs are usually released. If they’re scheduled earlier, then there will be no new content to pull

Question 12

What are the two event numbers that are considered best practice to filter out?

Answer 12

1051 and 1059
1051 - Unable to scan password-protected file
1059 - Scanned timed out

Question 13

What percentage of the database can the “best practice” events make up of the total events stored in your database?

Answer 13

80%