Update: In 2014 McAfee renamed Endpoint Encryption for PC (EEPC) to McAfee Drive Encryption (MDE). These instructions are valid for both versions.
Although ePO does a very good job of deploying Endpoint Encryption, many customers are required to deploy software via third-party tools. We can accommodate this requirement. In fact, it is a very simple process.
- ePO 4.5 server
- ePO 4.5 agent
- Active Directory server is registered in ePO
- EEPC is installed and configured as per the quick start guide
- Determine if endpoints already have McAfee Agent v4.5 installed, if not build a framepkg.exe file from ePO and install before installing the EEPC components
- Identify the target platform, 64bit or 32bit?
- Execute appropriate MfeEEAgent.msi
- Execute appropriate MfeEEPC.msi
- Done (product will prompt for reboot and start encrypting after next sync to ePO)
Collect The Necessary Files
The EEPC installation is dependent upon the McAfee Agent being installed. If it is not installed, you will need to install it prior to attempting an EEPC install. To create an installer for the McAfee Agent that is specific to your environment, log in to ePO and then go to the System Tree. From there, click on System Tree Actions and then select New Systems.Select Create and download agent installation package. Then complete the other fields and click OK to proceed. The next screen will have a link to download the FramePkg.exe file. Remember, this step is not required if the McAfee Agent is already deployed in your environment.
The next file to collect is the installer for the McAfee Encryption Agent. This agent manages the encryption policies for all underlying encryption providers. This file can be extracted from the standard product download. EEPC is delivered as a zip file that contains four directories. The encryption agent installers are zipped in the Endpoint Encryption Host 1.0 directory. Go here and unzip the MfeEEAgent.zip file. From there, copy the MfeEEAgent32.msi and MfeEEAgent64.msi. The file names indicate which platform they should be run on. For example, the MfeEEAgent32 is for 32bit platforms.
The final file to collect is the McAfee Endpoint Encryption for PC installer. This installer allows McAfee to use its software encryption technology to encrypt the disk. This file is also contained in the standard product download. The file is in the Endpoint Encryption for PC 6.0 directory. To get the files, unzip the MfeEEPC.zip file.
You now have all the files necessary to install McAfee EEPC via third-party tool. The MfeEEAgentxx.msi file should be run first and will not prompt for a reboot. The MfeEEPCxx.msi file should be run second and will prompt for a reboot when complete. After the reboot, the newly installed components will do an initial sync with ePO. After this sync encryption will start and the relevant policies will be enforced.
If you have further questions, please contact your McAfee representative or engage professional services. You can also post questions in the comments!