This article explains how to create a basic ePO report for 1203 on-demand scan events that ENS generates.
- Log on to the ePO console.
- Configure the policies to create and send the 1203 events:
  - Click Policy Catalog.
  - Select McAfee Agent from the Product drop-down list.
  - Click the General policy assigned to your systems.
  - Click the Events tab and set Priority event forwarding to Informational.
  - Click Save.
  - Select Endpoint Security Common from the Product drop-down list.
  - Click the Options policy assigned to your environment.
  - Click Show Advanced.
  - Set Event logging for On-Demand Scan to All.
  - Click Save.
- Configure a report for ENS 1203 events:
  - Click Menu, Queries & Reports.
  - Click New Query.
  - Under Feature Group click Events.
  - Click Threat Events and click Next.
  - Click Table in the Display Results As table and click Next.
  - Remove both selected columns by clicking the X in the top right of the boxes.
  - Add the following Available Columns:
    - System Name
    - Event Generated Time
  - Click Next.
  - Add the following Available Properties:
    - Event ID Equals 1203
    - Product Version (Endpoint Security Threat Prevention) Greater than or equals 10
    - On-Demand Full Scan Date Is within the last 1 Week (or select On-Demand Quick Scan Date if needed)
  - Click Save.
  - For Query Name, type a name such as ENSTP On-Demand Full/Quick Scan Completed.
  - Add the query to any Query Group and click Save.