Is it OK to leave most systems on May Update and only install July Repost to new installs
In our environment, we have several thousand systems that are running ENS Threat Prevention 10.6.1 with Patch 1 and the May Update. This makes them compatible with Windows 10 1903 if their system was to upgrade to it.
However, I noticed that the July Repost has been released which is the full installer that supports Windows 10 1903. Is it OK to just install the full installer and deploy it to fresh installs off Windows 10 1903 and leave the systems with May Update as they are?
I am trying to avoid too much impact on the end systems. I assume that later on McAfee will release say September Update and that this should upgrade our May Updates via the updater tasks.
How are other people handling the different packages in their environments?
Re: Is it OK to leave most systems on May Update and only install July Repost to new installs
i would avoid this choice mainly for two reasons First, for performance reason, the new full update correct a few performance issues especially the memory management when using Exploit prevention rules on x86 applications, some memory leak for ATP module, and more globally, another issue with exploit prevention module. second, as this version is a full installer, it is installed quite quicker on computers. If you stay on a May version, this means that if you need to reinstall after repair the ens suite, you'll go for a full install at first step then a second phase where all may patches will be pulled / pushed. It takes time before being secured. Finally, one main version is easier to manage. so if you add to these points all other feature or stability fixes, avoiding this Repost version seems for me inapropriate. I'm quite used to ENS upgrade processes in my environment. This morning i just published that repost version on 220 alpha & beta computers (real computer in production environment) without being noticed by almost all agents. And when my test will be over, i'll go for 9000 nodes silently. By waiting for september update, you will be confronted more probably to a patch set instead of a full installer. So it will add delay and complexity in my opinion to your work. Based on my own experience, when you have the possibility to shorten and simplify the install process, you should take advantage of it. Of course this is just a personal opinion. My apologies for my English knowledge.