Global Threat Condition: Elevated
Criteria-based sorting
McAfee System Tree Criteria-based sorting
As in past releases of ePolicy Orchestrator, you can use IP address information to automatically sort managed systems into specific groups. You can also create sorting criteria based on tags, which are like labels assigned to systems. You can use either type of criteria or both to ensure systems are where you want them in the System Tree.
Systems only need to match one criterion of a group’s sorting criteria to be placed in the group.
After creating groups and setting your sorting criteria, take a Test Sort action to confirm the criteria and sorting order achieve the desired results.
Once you have added sorting criteria to your groups, you can run the Sort Now action. The action moves selected systems to the appropriate group automatically. Systems that do not match the sorting criteria of any group are moved to Lost&Found.
New systems that call into the server for the first time are added automatically to the correct group. However, if you define sorting criteria after the initial agent-server communication, you must run the Sort Now action on those systems to move them immediately to the appropriate group, or wait until the next agent-server communication.
Sorting status of systems
On any system or collection of systems, you can enable or disable System Tree sorting. If you
disable System Tree sorting on a system, it is excluded from sorting actions.
System Tree sorting settings on the ePO server
For sorting to take place, sorting must be enabled on the server and on the systems. By default, sorting at each agent-server communication is enabled.
Test sorting systems
Use this feature to view where systems would be placed during a sort action. The Test Sort page displays the systems and the paths to the location where they would be sorted. Although this page does not display the sorting status of systems, if you select systems on the page (even ones with sorting disabled) clicking Move Systems places those systems in the location identified.
How settings affect sorting
You can choose three server settings that determine whether and when systems are sorted.
Also, you can choose whether any system can be sorted by enabling or disabling System Tree sorting on selected systems in the System Tree.
Server settings
The server has three settings:
• Disable System Tree sorting — If criteria-based sorting does not meet your security
management needs and you want to use other System Tree features (like Active Directory synchronization) to organize your systems, select this setting to prevent other ePO users from mistakenly configuring sorting criteria on groups and moving systems to undesirable locations.
• Sort systems on each agent-server communication — Systems are sorted again at each agent-server communication. When you change sorting criteria on groups, systems move to the new group at their next agent-server communication.
• Sort systems once — Systems are sorted at the next agent-server communication and
marked to never be sorted again at agent-server communication as long as this setting is selected. However, selecting such a system and clicking Sort Now does sort the system.
System settings
You can disable or enable System Tree sorting on any system. If System Tree sorting is disabled on a system, that system will not be sorted regardless of how the sorting action is taken. If System Tree sorting is enabled on a system, that system is sorted always for the manual Sort Now action, and may be sorted at agent-server communication, depending on the System Tree sorting server settings.
