Identify frequently scanned items from McAfee ePO (Agentless)

Select an SVM or a group of SVMs from the System Tree and assign a client task to calculate and display frequently scanning files, extensions, and VMs. You can include these results in the path exclusion policies to exclude them from being scanned.

Before you begin

You installed the McAfee MOVE AntiVirus extension on the McAfee ePO server.

For details about product features, usage, and best practices, click ? or Help.

Task

  1. Log on to McAfee ePO as an administrator.
  2. Select MenuPolicyClient Task Catalog.
  3. From Client Task Types, select MOVE AntiVirus 4.5.0Scan Diagnostics [Agentless].
  4. Click the name of an existing client task or click New Task and confirm the task type.
  5. Configure these settings on each tab, then click Save.
    Tab Description
    Task Name Specifies a unique name for the task.
    Description Specifies a description about the task.
    Diagnosis Time Specifies the time period, in minutes, set for calculating the frequently scanned files. For example, 1–10 minutes.
  6. Click Assign, specify the SVM where you want to assign the task, then click OK.
  7. Click Schedule to schedule the task.
    At the end of specified minutes, the McAfee ePO completes the analysis and displays the results. The default allowed time limit is 10 minutes.
  8. Select MenuReportingQueries & Reports, then select MOVE AntiVirus 4.5.0 [Agentless] under McAfee Groups to view and run these scan diagnostic queries:
    • MOVE AntiVirus: Top 10 Scanned File Extensions for each SVM — Lists the top 10 file extensions scanned by the SVM.
    • MOVE AntiVirus: Top 10 Scanned Files for each SVM — Lists the top 10 files scanned by the SVM.
    • MOVE AntiVirus: Top 10 Scanned Virtual Machines for each SVM — Lists the top 10 virtual machines that are sending maximum scan and checksum requests.