Specifications
5
Click Next to skip the Columns dialog box. You can choose the columns you want to analyze.
You can skip this step because the McAfee ePO server does not use the
columns you choose in the server task.
6
Click Event ID in Available Properties under Client Events to create an Event ID filter. An Event ID row
is added in the Filter pane.
7
Click the plus sign, +, at the right to add another comparison row, add 1051 and 1059 in the Value
column, then click Run.
This setting filters the query and only returns 1051 and 1059 events as shown in the following
output figure.
8
Optionally, you can select all of these 1051 and 1059 events, click Actions | Purge to purge all of these
events in real time.
Instead of purging the events in real time during business hours you can create a server task that
runs the purge nightly during off hours. See Purging events automatically for details.
9
Create a new server task and give it an appropriate name. For example, Purge of 1051 and 1059
Events Nightly.
10
Click Purge Threat Event Log from the Actions list, then click Purge by Query.
11
Reporting
Custom queries
96
McAfee
®
ePolicy Orchestrator
®
4.0 and 4.5 Best Practices Guide