Manual update of Host Intrusion Prevention 8.0 / 7.0 signatures from the McAfee CommonUpdater site. The naInet library returned an error. [Parent error: NaInet library returned code == ##] (code descriptions) KnowledgeBase - DAT update fails with the DAT reported at the ePO console as '0.0000' on systems with VSE 8.8 or 8.7i. Communities: Truncating EPO Database Tables to...
With 4.5 I've seem performance issues due to a few different things.
I'd agree with everyone, there is little reason to truncate any tables. There are a few that are notorious for filling up fast and you should get to know them. Some issues I have encountered: 1. The obvious and what most of the KBs say... large numbers of events and not having them purged. KnowledgeBase - How to identify why the ePO database is very large. Communities: Scan Timed Out (1059): Database Maintenance: Part 1.
Just today, I helped a customer of about 5,000 endpoints shrink down a database of just over 80 GB in size.
At the same time that Webex session was running I was helping another customer who had a 490 GB database. That leads me to today's topic: Database Maintenance. Many of us have been running ePolicy Orchestrator for year. It is a wonderful tool for automation and reporting. It cheerfully deploys our wishes in the form of policy and then collects the data for us to examine. Here is an example, purge process written as an ePO Server Task: Your product mix will determine what you need to purge but here are some basics that EVERYONE will want to do: Client Events: These are events that we use to tell when clients update (or don't) properly.
I would urge ALL of my customers to have a process just like this. In honor of database purging, I leave you with this inspirational and motivational photo: KnowledgeBase - List of Host Intrusion Prevention 7.0 / 8.0 event IDs. How to test McAfee VirusScan. KnowledgeBase - How to use the EICAR anti-malware test file with McAfee products. KnowledgeBase - ePolicy Orchestrator 4.6.6 Known Issues. Communities: EPO 4.5 - Purge Threat Event Log after... Wp-top-5-epolicy-orchestrator-tips. Communities: McAfee Tool Exchange. Communities: Scan Timed Out (1059): Database Maintenance: Part 2. In Part 1 of this story, we purged several things: Client Events, Audit Logs, Server Task Logs and the Threat Event logs (beyond a year).
Now it is time for us to dig into purging the Threat Events table for extraneous events. There are several types of events that have limited value AND those events have a limited lifespan. In all my years of helping customers I've never looked that these events past 1-2 weeks. For that reason keeping more than one month of these seems wasteful. Sadly, these events are also quite numerous. Step 1: Create a new query, select Threat Events Step 2: Select the "Table" option Step 3: Add columns (You really don't do anything here. Step 4: Filter the results for three types (Access Protection, Cookies and None) and Events not within the last 1 month Notes: If your database is really large then it may take several minutes to process each of the combo boxes.
Step 5: Save the query with a descriptive name like... KnowledgeBase - McAfee ePolicy Orchestrator 4.6.6 Server service fails to start after upgrading from an earlier version. Communities: 4.6.2 to 4.6.6 upgrade - The Local... KnowledgeBase - Recommended maintenance plan for ePO database using SQL Server Management Studio. IMPORTANT: These routine tasks include SQL Server maintenance jobs that will not only keep the data and the engine performing at satisfactory levels, but will also keep the data backed up to aid recovery in the event of a disaster.
This information is intended for use by database administrators (DBA) and ePO administrators only. Use the following procedure at your own risk. McAfee does not assume responsibility for any damages as a result of following these instructions. Background: SQL Server uses the concept of Write Ahead Logging, where each data modification operation (Insert, Update, Delete and other operations such as index rebuild and reorganize) is first written to the Transaction Log (.LDF) from memory (buffer pool) and periodically flushed to the disk data file (.MDF) as part of the CheckPoint process.
If no periodic backup of the Transaction log is done, then the size of the Transaction log will continue to grow until it consumes all available disk space. KnowledgeBase - How to identify why the ePO database is very large. KnowledgeBase - How to manually remove VirusScan Enterprise 8.8.