It's been a while MEE v 6 is out! So time for getting feedbacks, suggestions & FMRs
I am sure this new version has brought cheer to many due to its full ePO integration capabilities. No separate connector, no commandline, single DB and many more...but still your feedback will count.
Thanks in advance and Merry Christmas!
The integration with EPO is so poorly thought out as to make the product unusable for us. We are staying with v5 until all that is worked out. I have posted on the problem before, so I won't rehash it here. Briefly, machines in EPO have to be organized based on Brand and Model to work with Endpoint Encryption policies because of various BIOS problems. The remaining McAfee products managed by EPO are based on management rules such as HIPS rules and Access protections etc. Basically, the way Endpoint Encryption forces you to organize your system tree in EPO is different than all the other McAfee products to the extent that you will not be able to do both. Endpoint Encryption is probably OK on its own in EPO, but will clash with management of additional McAfee products. It would be much better if EE policies could be assigned based on either a custom value or system tags. Until this is fixed, I doubt many customers will be making the switch - or they will and regret it.
Add to that inability to control disable suspend and hibernate options, lack of clear troubleshooting procedures, lack of EE 5.x -> 6.0 migration tools, more complicated deployment and management, no scripting; that's all on the negative side.
Big positive is standard SQL database, improved integration with other ePO products.
Thanks for pointing out those positives. It is easy to get frustraited and just say everything sucks. The switch to a SQL DB is a BIG DEAL that will add a lot of stability to the product. That change alone, to me, is worth the trouble. I look forward to using EE 6 once some of these show-stoppers are resolved.
I am sure McAfee Product Management is aware of these push-backs and are working dilligently to come up with solutions pretty quick. "Everything has its own UPs and DOWNs"...but I have been seeing McAfee Product Managment from the last couple of years and their committment to improve this product - make more customer friendly (ePO integration/sql database).
Hope Patch 1 will sort out most of the things. "Hope..!!"
This is really disturbing and discouraging to hear. My task for the first quarter is to get v6 into production. Given that we are 99% homogeneous shop (HP) might mitigate this a bit, I hope. My plan was to roll out v6 alongside our current v5 infrastructure and make new installs, rebuilds, etc in the v6 environment. When the migration tools come out then would plan to move the other v5 machines into v6.
I heard there were also issues managing users for PBA in v6. Hope this all gets straightened out sooner than later.
If you can get away with a single EE policy in EPO, then you might be OK. If you manage other McAfee products using EPO AND you need multiple EE policies, that is where you run into trouble. It would be hard to organize your system tree in a way to support both EE and VSE for instance unless you have a single policy for VSE on all machines. If you have 4 different VSE policies and 4 different HIPS policies and 4 different EE policies, then you need 64 different groups that need to be created for those combinations and any process you have in place to automatically organize your tree would need to be rethought.
For me, I have 8 different management levels that share the same HIPS and VSE policies. Adding in the 4 different EE policies we would require would make 32 different groups where there were 8 before. The 8 groups are automatically assigned by OU from Active Directory. With EE entering the picture, I would also have to abandon the automation or reorganize AD to support encryption. Neither option is appealing.
With a single EE policy you could assign it at the top level of your workstations in the system tree and then let it propagate down. If all your devices you want to encrypt can take the same EE policy and files, you probably will have an easy go of it.
I don't know too much about user management yet. I wasn't able to get thaqt far into the product before I realized the system tree organization wasn;t going to work with the new product.
I had the product for less than 3 hours and discovered issues that halted my deployment plans immediately:
1. If you lock and then unlock your screen and let it sit there for 2 minutes or more and then put in your password, the thing automatically logs off and sits at "saving your settings." So if you move your mouse to unlock your screensaver and then you get a phone call and don't put in your password for a bit, you will lose everything you had up at that point in time.
2. If you add a user specifically to a machine then remove them and add a group, which the original user is in, to the machine or overall group users, every person in the group is added except that original user. Every machine will not add this user either even though the original user was never added to any other machine. I tried replicating the issue with another user in the group and the same thing happens. So now two users will not be added.
3. After starting up a computer you get "EpePC has been corrupted". According to tech support this is a known issue from previous releases that, to their surprise, is still not fixed. It just randomly happens and the only resolve is to redo the computer and lose everything on it.
There are alot of other things I found as well, but I can't remember all of them. I mean, the tech support guys and I are on a first name basis and every issue I had has been escalated to development.
In my honest opinion, this product is nowhere near ready for release and if someone were to actually go ahead and deploy this product in a production environment, there would be major issues most likely resulting in the person getting terminated. I got told by mcafee techs on here that I need to "test, test, and test again", which I do agree with. However, I believe V6 should have been tested ALOT more before it was put on the download page.
As it stands right now and as many other have voiced, V6 is simply undeployable in its current state.
Message was edited by: Jack Siergiej on 1/4/10 9:17:07 AM CST
Did you recived from McAfee official confirmation on these errors? It's important to me to have such confirmation to pass it to our customer who is very interested in deploying new EEPC. Will I get such confirmation from McAfee support?
I've managed to replicate only first of errors you described and I'm unsure that all of these errors are known issues of EEPC v6.