We are having an issue deploying ENS 10.6.1 (Threat Prevention only) during our SCCM Workstation build process. Our script installs the Agent fine and the workstation checks into EPO. The issue is this:
A Run Immediate Task is enabled in EPO which applies the AMCore and ENS Hot Fix updates and this impacts the SCCM script process and prevents it from completing. It is my understanding that the current script installs the McAfee products last during the build process. We install ENS Threat Prevention using the following command line"
\\SourceFolder\setupEP.exe ADDLOCAL="tp" /qn
Would adding the /nocontentupdate switch prevent updates from occurring via the Run Immediate Task during the build process and will the workstation then be able to receive updates via the existing Run Immediate Tasks after the build process is completed?
Or is there some other way that the script process can be completed while allowing the hot fixes and updates to be deployed later via the existing Run Immediate Task?
Does not automatically update product content files on the system as part of the installation process. Content files include the latest AMCore, Exploit Prevention, and Adaptive Threat Protection content files required for Endpoint Security.
The /nocontentupdate switch would just prevent the installer from running the update task straight after installation. If a task is sent through ePO though this switch would not prevent the task from running. That being said, the update task won't work anyway if ENS isn't installed because it runs a detection script to check what's installed. If ENS is not installed, it has nothing to update.
Maybe re-think how you want to schedule the updates. You could maybe use tagging to run the task only when the system reports ENS as being installed?
Was my reply helpful? If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?