I have 2000 laptops on my network.
They are all running the following components:
McAfee agent 220.127.116.117
DXL client 18.104.22.1680
Endpoint security platform 10.5.3.3178
Endpoint security threat prevention 10.5.3.3264
Endpoint security adaptive treat protection 10.5.3.3113
In preparation for Windows 10 1803, I need to update all the components to:
McAfee agent 22.214.171.1247 (UNCHANGED)
DXL client 126.96.36.199 (NEW version)
Endpoint security platform 10.6.0.542 (NEW version)
Endpoint security threat prevention 10.6.0.672 (NEW version)
Endpoint security adaptive treat protection 10.6.0.656 (NEW version)
I'm currently running a deployment on a pilot group of 50 laptops to test the new version of DXL and ENS.
What I have done so far:
Check in new DXL and ENS into Evaluation branch
Created a client task (I name it ENS_10.6 Install) under Product Deployment to install DXL and ENS components.
Then I'm manually deploying ENS_10.6 install to my pilot group of 50 laptops.
What would be the best way of upgrading the rest of the laptop fleet?
I am using client task for client deployments.
In you comapny we have 30000 computers.
Pilot running on 400 machines.
Wave 1 - 1000 machines, Wave2 - 2000, Wave3 5000, Wave4 - 5000...
I am using TAG for deployment - "ENSDeploymnet" and Client task assigment for this tag.
Client task "ENS 10.6 - Evaluation" assigning scheduled client task for machines and thats all.
Hi, so just to confirm, this is what you did?
1. Create tag - name it for example ENSDeployment
2. Create a client assignment for DXL and ENS and target all machines with this tag?
but I am using two different task for ENS and DXL.
"ENSDeployment" tag with client task assigment - Task contains (ENS Platfrom, Threat Prevention and Firewall. (Task name - Deply ENS 10.6 - Evaluation)
Other deployment tag is DXL-ATP with client task assigment - Task contains (DXL and ENS Adaptive Threat Preventin) (Task name - Deploy DXL 4.1 ATP 10.6 - Evaluation)
Hi, thanks for the prompt response
Are there any reasons why you created two client tasks?
Ther reason i ask is because I was advised by a McAfee engineer to install DXL and ENS components in this particular order.
2. ENS platform
3. ENS threat prevention
4. END adaptive threat protection.
He did emphasise that the order of installation is important.
It's just for me and prevent a lot of investigation.
Personaly I am at first updating ENS (Platfrom, TP and FW) to know what issues I will have after ENS update/deployment.
After ENS deplyment I am started DXL/ATP update/deployment and see that for one specific application ATP causing the performance issue and I am dont need to investigate this issue caused be TP or FW, I know that issue appears after DXL/ATP deployment, just removed ATP and issue gone.
Good information here! Finally found EPO admins doing the upgrade. I am in the process of upgrading from legacy products VSE & HIPS Patch 10 to ENS 10.6. I actually did 8 upgrades in our test environment. But since 10.6.1 was released recently that will help with 1 problem I came across. Has anyone seen where the inital deployment of ENS it drops a 802.1x network connection? I am hoping its a filter driver issue and 10.6.1 resolves it. Fingers crossed.
Also, I have to install ATP after we migrate 1000 workstaions (includes laptops) to ENS, and I'm actually going to install it separately as well to monitor the deployment and what its actually going to block.
I read the thread about uninstalling HIPS after ENS is deployed, which helped me out instead of calling support. Its not documented anywhere that you need to remove HIPS later.
There is also a very helpfult tool that you can use called Endpoint Upgrade Assistant.., from ePO goto the Software manager and search on "EUA".
Current version at time of this post 188.8.131.52
This will analyze what you have and show you what can be upgraded, what needs to be done to upgrade and also there is an option to build an upgrade package and deploy.