Services

Trellix Agent provides these services:

· Trellix Agent Service: Performs property collection, policy enforcement, schedules tasks, performs agent-server communication, and triggers the update session

o Service name: Masvc

o Windows processes: masvc.exe

o Non-Windows processes: masvc

· Trellix Agent Common Services: Hosts multiple Trellix Agent services, such as Peer-to-Peer, Wake-up, and RelayServer

o Service name: Macmnsvc

o Windows processes: macmnsvc.exe

o Non-Windows processes: macmnsvc

· Trellix Agent Backwards Compatibility Service: The Trellix Agent service starts this service and communicates to the various managed product plugins. You only see this when the executable is invoked.

o Service name: McAfee Framework

o Windows processes: macompatsvc.exe

o Non-Windows processes: macompatsvc

First Tab

On Windows client systems, the install logs are saved in %TEMP%\McAfeeLogs.

Second Tab

Log files can be found in these locations, depending on the managed system’s operating system:

1. On Windows client

2. systems: <Documents and Settings>\All Users\Application Data\McAfee\ Agent\Logs

3. If no Documents and Settings folder:<ProgramData>\McAfee\Agent\Logs

4. On non-Windows client systems: /var/McAfee/agent/logs

Using the System Tray Icon

In a Windows environment, if the Agent policy is set to show the Agent icon in the system tray of the managed system, you can access shortcuts to information and functionality of managed products.

Update Security – Triggers immediate updating of all installed Trellix software products. This includes application of patches and hotfixes, as well as DAT and signature updates. Note this feature is available only if specifically enabled in the Agent policy.
Quick Settings – Links to product menu items that are frequently used
Manage Features – Displays links to the administrative console of managed products
Scan Computer for – Launches Trellix programs, such as Endpoint Security, that scan systems on-demand and detect unwanted malicious software
View Security Status – Displays the current system status of managed Trellix products, including current events
Agent Status Monitor – Triggers the Agent Status Monitor, which: Displays information on the collection and transmission of properties Sends events Downloads and enforces policies
About – Displays system and product information for products installed on the system, including the Agent, the ePO server with which the Agent communicates, and the software products being managed

Forcing Trellix Agent Activity

There are two methods available to force communications to occur from a managed client to the ePO server: opening the Trellix Agent Status Monitor and using the command line.

Open the Trellix Agent Status Monitor

If the ePO icon displays in the Windows system tray, open the Agent Monitor. The following options are available:

· Collect and Send Props: Forces the Agent to collect machine and product properties configuration and communicate them to the ePO server. Note: The Agent policy controls whether full or incremental properties are sent to the ePO server.

· Send Events: Forces the Agent to send events to the ePO server. Note: This action sends all events to the ePO server irrespective of their severity.

· Check New Policies: Forces the Agent to communicate with the ePO server and check for the existence of updated policies; will also update any modified or newly created tasks.

· Enforce Policies: Forces the Agent to read the local copy of the ePO policy and enforce this on the machine.

· Agent Settings: Configures Trellix Agent settings and Network Settings

· Save Contents to Desktop: Saves the contents of the Trellix Agent log to a file

· Close: Closes the Trellix Agent Monitor window

Note that you can see the Agent icon in the system tray only if the Show system tray icon (Windows only) option is selected on the General tab of the Trellix Agent policy pages. If you cannot see the icon, select this option and apply it. When you finish viewing the log file content, you can hide the icon again by deselecting the option and applying the change.

Use the Command Line

When the Agent is installed, an executable (CMDAGENT.EXE) is also installed in the Agent directory (<Drive>:\Program Files\Trellix\Common Framework, by default). This command line utility lets you to execute Agent commands without using the Trellix Agent Status Monitor. Switches allow you to specify the action(s) the Agent undertakes and are equivalent to the options provided by the Trellix Agent Status Monitor:

· Collect and Send Properties and Events: CMDAGENT.EXE /p

· Check New Policies: CMDAGENT.EXE /c

· Enforce Policies: CMDAGENT.EXE /e

· Show Agent monitor: CMDAGENT.EXE /s

· Forward events from Windows based client systems to ePO server: CMDAGENT.EXE /f

· Displays the agent information: CMDAGENT.EXE /i

· Sets the logfile location: CMDAGENT.EXE -l

· Displays the help information: CMDAGENT.EXE /h

· Forward events from Unix based and Macintosh client systems to ePO server: CMDAGENT /f