Identify frequently scanned items from McAfee ePO (Multi-Platform)

Select one or a group of SVMs from the System Tree and assign a client task to calculate and display frequently scanning files, extensions, processes, and VMs. You can include these results in the path exclusion policies to exclude them from being scanned.

Before you begin

You installed the McAfee MOVE AntiVirus extension on the McAfee ePO server.

For details about product features, usage, and best practices, click ? or Help.

Task

  1. Log on to McAfee ePO as an administrator.
  2. Select MenuPolicyClient Task Catalog.
  3. From MOVE AntiVirus 4.5.0 under Client Task Types, select Scan Diagnostics [Multi-Platform].
  4. Click the name of an existing client task or click New Task, then confirm the task type.
  5. Configure these settings on each tab, then click Save.
    • Task Name — Specifies a unique user‑friendly name for the task.
    • Description — Specifies some user‑friendly description about the task.
    • Diagnosis Time — Specifies the time period, in minutes, set for calculating the frequently scanned files. for example 1-10 minutes.
  6. Click Assign, select one or a group of SVMs where you want to assign the task, then click OK.
  7. Click Schedule to schedule the task.
    At the end of specified minutes, the McAfee ePO server completes the analysis and displays the results. The default allowed time limit is 10 minutes.
  8. Select MenuReportingQueries & Reports and select MOVE Antivirus 4.5.0 [Multi-Platform] under McAfee Groups to view and run these scan diagnostic queries:
    • MOVE AntiVirus: Top 10 Scanned File Extensions for each SVM — Lists the top 10 file extensions scanned by the SVM.
    • MOVE AntiVirus: Top 10 Scanned Files for each SVM — Lists the top 10 files scanned by the SVM.
    • MOVE AntiVirus: Top 10 Scanned Processes for each SVM — Lists the top 10 processes scanned by the SVM.
    • MOVE AntiVirus: Top 10 Scanned Virtual Machines for each SVM — Lists the top 10 virtual machines that are sending maximum scan and checksum requests.
    Note: This data is rolled over every 7 days.