Update: In 2014 McAfee renamed Endpoint Encryption for PC (EEPC) to McAfee Drive Encryption (MDE). These instructions are valid for both versions.

This is one of my favorite new features in Endpoint Encryption for PC v6. It allows our agent to check the system and decide if it is "safe" to install EEPC. This concept of conditional installation is very powerful and is unique in the industry. Currently, the product has pre-defined rules for our most common competitors like Pointsec/Check Point, BitLocker, GuardianEdge, etc. This is great for customers who are switching to our product and want to deploy to a mixed environment without causing any damage. Implementing this feature is straightforward. Here's the workflow:

  1. Log in to ePO and go to Menu > Configuration > Server Settings > Endpoint Encryption > Manage Non-Compatible Products
  2. Once the feature is enabled, the agent will start checking for that condition.
  3. If the condition is met (i.e. a competitive product is found), the EEPC agent will remain in an inactive state. You can track the number of these machines in ePO by looking for machines that have EEPC installed, but still report as inactive.
  4. On every policy enforcement interval, the EEPC agent will check for the competitive product.
  5. When the competitive product is removed, the EEPC agent will detect that condition and activate itself on the next policy enforcement. This is nice because the policy enforcement interval is configurable. You can reduce the time between the old product being uninstalled and EEPC being active to as little as five minutes.

This out-of-the-box functionality works very well. However, the list of pre-defined rules is limited to only certain versions of competitive products. To solve this problem, and to enable further customization, the EEPC product team made this feature extensible. You can make custom rules and check them in to ePO. These rules can be set up to detect any file or any registry key. This opens the door to lots of customization. For example, you could make the install conditional upon a full backup being done on the system. You'd have to use a backup tool or make a script that would write a file or reg key when the backup was done, but you can see the logic. Here's an example XML file that I made for GuardianEdge EPHD v7.1.5.

<products xsi:type="ns1:PDProduct">
  <name>EPHD 7.1.5</name>
  <osType>Windows</osType>
  <rules xsi:type="ns1:PDRule">
    <fileEntries xsi:type="ns1:PDFileEntry">
      <path>[Program Files]\GuardianEdge Technologies\EP Hard Disk\User\ephd_driver.dll</path>
    </fileEntries>
  </rules>
</products>

You simply have to save this as an XML file and check it in to ePO. If you want to check for a different file, just modify the <path> line. I don't have an example for a reg key yet, but keep an eye on the comments for one to get posted.

To add an XML file with a custom competitive check, go to ePO Menu > Configuration > Server Settings. Then choose Endpoint Encryption from the Settings Categories list. Then click Manage Non Compatible Products. From here, click the Actions menu and select Import Non Compatible Product Rule. Then browse to the XML file, select the file and then click OK. The product will now appear in the non compatible product list.
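
Before importing a hand-edited rule, it helps to confirm that it is still well-formed and that every product actually carries a file path to detect. The following pre-import check is an added example, not part of the original post or of the McAfee product. It assumes only the element layout shown in the EPHD example above, uses a placeholder URI for the `ns1` prefix, and does not cover registry-key rules, since the post shows no example of one.

```python
import xml.etree.ElementTree as ET
XSI = "http://www.w3.org/2001/XMLSchema-instance"
NS1 = "urn:example:placeholder-ns1"  # assumption: real ns1 URI is not shown in the post

# Constructed sample: the EPHD rule from the post plus a deliberately broken rule.
SAMPLE = r"""
<products xsi:type="ns1:PDProduct">
<name>EPHD 7.1.5</name>
<osType>Windows</osType>
<rules xsi:type="ns1:PDRule">
<fileEntries xsi:type="ns1:PDFileEntry">
<path>[Program Files]\GuardianEdge Technologies\EP Hard Disk\User\ephd_driver.dll</path>
</fileEntries>
</rules>
</products>
<products xsi:type="ns1:PDProduct">
<name>Broken rule</name>
<rules xsi:type="ns1:PDRule">
<fileEntries xsi:type="ns1:PDFileEntry"><path> </path></fileEntries>
</rules>
</products>
"""

def lint_rules(fragment):
    """Return (summary, problems) for a fragment holding <products> elements."""
    # The fragment uses xsi/ns1 without declaring them, so wrap it in a root that does.
    wrapped = f'<root xmlns:xsi="{XSI}" xmlns:ns1="{NS1}">{fragment}</root>'
    try:
        root = ET.fromstring(wrapped)
    except ET.ParseError as exc:
        return [], [f"not well-formed: {exc}"]
    summary, problems = [], []
    for i, prod in enumerate(root.findall("products"), 1):
        name = (prod.findtext("name") or "").strip()
        label = name or f"product #{i}"
        if not name:
            problems.append(f"{label}: missing <name>")
        if not (prod.findtext("osType") or "").strip():
            problems.append(f"{label}: missing <osType>")
        paths = [(p.text or "").strip() for p in prod.findall("rules/fileEntries/path")]
        good = [p for p in paths if p]
        if len(good) < len(paths):
            problems.append(f"{label}: empty <path>")
        if not good:
            problems.append(f"{label}: no file <path> to detect")
        summary.append((name, good))
    if not summary:
        problems.append("no <products> element found")
    return summary, problems
```

Call `lint_rules()` with the text of the rule you are about to import; an empty problems list means the rule matches the structure of the example in this post.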

Update: Three example detection files are now attached.