{"id":19958,"date":"2023-08-30T09:25:32","date_gmt":"2023-08-30T13:25:32","guid":{"rendered":"https:\/\/kevinjustin.com\/blog\/?p=19958"},"modified":"2023-08-30T09:26:10","modified_gmt":"2023-08-30T13:26:10","slug":"trellix-agent-pack","status":"publish","type":"post","link":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/","title":{"rendered":"Trellix Agent pack"},"content":{"rendered":"
\"Time<\/a>
Time to monitor the ‘Trellix agent’ pack<\/figcaption><\/figure>\n

Trellix bought McAfee, and rebranded, but the service, application, registry keys, etc. have not yet changed.\u00a0 Many times, the pack fills in the gaps that the admin misses.\u00a0 Examples when Application services crash or become non-responsive, or just adding the capability to summarize issues seen in a daily alert report.<\/p>\n

 <\/p>\n

Quick Download: https:\/\/github.com\/theKevinJustin\/TrellixAgentMonitoring<\/a><\/h4>\n

 <\/p>\n

Did you know?<\/h4>\n

System Event ID 7031 is logged for each application\/service when the process has issues?<\/p>\n

Trellix agent services have a monitor alert when System Event Log, EventID 7031 events have the agent services in the event description.<\/p>\n

\"Trellix<\/a><\/p>\n

 <\/p>\n

Second, my own spin for Application monitoring starts with the mantra ‘smarter vs. harder.\u00a0 Besides dynamic discovery based on registry key, adding the Service MonitorType gives additional monitorign flexibility adding Samples and Intervals to decrease false positive alerts.\u00a0 Simply put – count logic – x failures in y time before alerting.<\/p>\n

\"Service<\/a><\/p>\n

Service MonitorType adds Samples and Intervals to decrease false positive alerts.<\/p>\n

Third, the pack adds Trellix Agent rules, monitors, on-demand report task, and recovery scripts build out the manual intervention required alert action mantra.<\/p>\n

\"Trellix<\/a>
Trellix Agent rules, monitors, on-demand report task, and recovery scripts build out the manual intervention required alert action mantra.<\/figcaption><\/figure>\n

 <\/p>\n

 <\/p>\n

Optional – Configure addendum for environment<\/h4>\n

Download and Install ‘Trellix Agent pack’ here<\/a><\/p>\n

Open saved XML in notepad or Notepad++ (your favorite XML editor here!)<\/p>\n

Update the regular expression pattern line for McAfee server group<\/p>\n

\"Update<\/a><\/p>\n

Save file and Import > enjoy less alerts!<\/p>\n

 <\/p>\n

 <\/p>\n

Documentation<\/h4>\n

Addendum download https:\/\/github.com\/theKevinJustin\/TrellixAgentMonitoring<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Trellix bought McAfee, and rebranded, but the service, application, registry keys, etc. have not yet changed.\u00a0 Many times, the pack fills in the gaps that the admin misses.\u00a0 Examples when Application services crash or become non-responsive, or just adding the capability to summarize issues seen in a daily alert report.   Quick Download: https:\/\/github.com\/theKevinJustin\/TrellixAgentMonitoring   … Continue reading “Trellix Agent pack”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,567,5,7,530,502,742],"tags":[795,800,793,799,342,798,794],"class_list":["post-19958","post","type-post","status-publish","format-standard","hentry","category-administration","category-authoring","category-best-practice","category-mp-management-pack","category-scom","category-security","category-windows","tag-agent-application-monitoring","tag-manual-intervention-required-alerts","tag-mcafee","tag-recovery-automation","tag-scom","tag-service-monitortype","tag-trellix"],"yoast_head":"\nTrellix Agent pack - Kevin Justin's Blog<\/title>\n<meta name=\"description\" content=\"Use the 'Trellix Agent pack' to monitor Trellix agent services, when they become non-responsive, as well as a daily report of alerts.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trellix Agent pack - Kevin Justin's Blog\" \/>\n<meta property=\"og:description\" content=\"Use the 'Trellix Agent pack' to monitor Trellix agent services, when they become non-responsive, as well as a daily report of alerts.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/\" \/>\n<meta property=\"og:site_name\" content=\"Kevin Justin's Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-30T13:25:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-30T13:26:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/Trellix-Logo.jpg\" \/>\n<meta name=\"author\" content=\"WordPress Administrator\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WordPress Administrator\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/\"},\"author\":{\"name\":\"WordPress Administrator\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\"},\"headline\":\"Trellix Agent pack\",\"datePublished\":\"2023-08-30T13:25:32+00:00\",\"dateModified\":\"2023-08-30T13:26:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/\"},\"wordCount\":281,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Trellix-Logo.jpg\",\"keywords\":[\"agent application monitoring\",\"manual intervention required alerts\",\"Mcafee\",\"recovery automation\",\"SCOM\",\"Service monitortype\",\"Trellix\"],\"articleSection\":[\"Administration\",\"Authoring\",\"Best Practice\",\"MP Management Pack\",\"SCOM\",\"Security\",\"Windows\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/\",\"name\":\"Trellix Agent pack - Kevin Justin's Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Trellix-Logo.jpg\",\"datePublished\":\"2023-08-30T13:25:32+00:00\",\"dateModified\":\"2023-08-30T13:26:10+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\"},\"description\":\"Use the 'Trellix Agent pack' to monitor Trellix agent services, when they become non-responsive, as well as a daily report of alerts.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Trellix-Logo.jpg\",\"contentUrl\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Trellix-Logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/2023\\\/08\\\/30\\\/trellix-agent-pack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trellix Agent pack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/\",\"name\":\"Kevin Justin's Blog\",\"description\":\"Operational monitoring tools including System Center, Azure Monitor\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/#\\\/schema\\\/person\\\/3d7a90f4430bef43134eaa0a7e2cd508\",\"name\":\"WordPress Administrator\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g\",\"caption\":\"WordPress Administrator\"},\"sameAs\":[\"https:\\\/\\\/kevinjustin.com\"],\"url\":\"https:\\\/\\\/kevinjustin.com\\\/blog\\\/author\\\/wordpress_admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Trellix Agent pack - Kevin Justin's Blog","description":"Use the 'Trellix Agent pack' to monitor Trellix agent services, when they become non-responsive, as well as a daily report of alerts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/","og_locale":"en_US","og_type":"article","og_title":"Trellix Agent pack - Kevin Justin's Blog","og_description":"Use the 'Trellix Agent pack' to monitor Trellix agent services, when they become non-responsive, as well as a daily report of alerts.","og_url":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/","og_site_name":"Kevin Justin's Blog","article_published_time":"2023-08-30T13:25:32+00:00","article_modified_time":"2023-08-30T13:26:10+00:00","og_image":[{"url":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/Trellix-Logo.jpg","type":"","width":"","height":""}],"author":"WordPress Administrator","twitter_card":"summary_large_image","twitter_misc":{"Written by":"WordPress Administrator","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/#article","isPartOf":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/"},"author":{"name":"WordPress Administrator","@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508"},"headline":"Trellix Agent pack","datePublished":"2023-08-30T13:25:32+00:00","dateModified":"2023-08-30T13:26:10+00:00","mainEntityOfPage":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/"},"wordCount":281,"commentCount":0,"image":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/#primaryimage"},"thumbnailUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/Trellix-Logo.jpg","keywords":["agent application monitoring","manual intervention required alerts","Mcafee","recovery automation","SCOM","Service monitortype","Trellix"],"articleSection":["Administration","Authoring","Best Practice","MP Management Pack","SCOM","Security","Windows"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/","url":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/","name":"Trellix Agent pack - Kevin Justin's Blog","isPartOf":{"@id":"https:\/\/kevinjustin.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/#primaryimage"},"image":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/#primaryimage"},"thumbnailUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/Trellix-Logo.jpg","datePublished":"2023-08-30T13:25:32+00:00","dateModified":"2023-08-30T13:26:10+00:00","author":{"@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508"},"description":"Use the 'Trellix Agent pack' to monitor Trellix agent services, when they become non-responsive, as well as a daily report of alerts.","breadcrumb":{"@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/#primaryimage","url":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/Trellix-Logo.jpg","contentUrl":"https:\/\/kevinjustin.com\/blog\/wp-content\/uploads\/2023\/08\/Trellix-Logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/kevinjustin.com\/blog\/2023\/08\/30\/trellix-agent-pack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kevinjustin.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Trellix Agent pack"}]},{"@type":"WebSite","@id":"https:\/\/kevinjustin.com\/blog\/#website","url":"https:\/\/kevinjustin.com\/blog\/","name":"Kevin Justin's Blog","description":"Operational monitoring tools including System Center, Azure Monitor","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kevinjustin.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/kevinjustin.com\/blog\/#\/schema\/person\/3d7a90f4430bef43134eaa0a7e2cd508","name":"WordPress Administrator","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fca865cc5df90a25ae9533b1d9dea567a78c7469dc3202a376c8d117a0eaea11?s=96&d=mm&r=g","caption":"WordPress Administrator"},"sameAs":["https:\/\/kevinjustin.com"],"url":"https:\/\/kevinjustin.com\/blog\/author\/wordpress_admin\/"}]}},"_links":{"self":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/comments?post=19958"}],"version-history":[{"count":7,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19958\/revisions"}],"predecessor-version":[{"id":19981,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/posts\/19958\/revisions\/19981"}],"wp:attachment":[{"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/media?parent=19958"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/categories?post=19958"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kevinjustin.com\/blog\/wp-json\/wp\/v2\/tags?post=19958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}