McAfee ePO Connector Only Polls Windows Events From DB

Document created by MaryCordova on Feb 23, 2016
Version 1

Ever noticed that your McAfee connector never sees any events from the couple of Mac users in your environment and thought, well, maybe Macs don't get hit with malware? Think again.


The parser is not written to poll/pull Mac malware (VirusScan) events from the McAfee ePO database. And to be clear, it is not a Windows vs *nix event format parsing issue: the SQL statement IS NOT WRITTEN TO RETRIEVE THOSE EVENTS FROM THE DATABASE AT ALL.


Attached is the modified parser. I have not done a diff of all the event types that Windows hosts are reporting vs. those now reporting from Macs, but at the very least, some of the malware content from the Activate package is now firing for Mac clients.