I am using an ePO 4.5 Client Task to distribute HIPS 7.0 Patch 3 to machines within my environment. I am planning on updating the HIPS version to patch 8 and have product updates scheduled in a separate task that only runs on machines with certain tags. If I check in HIPS Patch 8 into the Current Branch will the machines then try to update to Patch 8 automatically after installing HIPS 7.0 with Patch 3 even if they are not tagged to recieve the Patch 8 Update task? My hope is that the clients do not try to update automatically after installation so that I can control the rollout of Patch 8 more closely. Thanks.
Yes, any client that runs a non-selective update task (i.e., an "Update Now" from the client side) will still be able to download Patch8 and install it. If you wish to control (any) product patch deployment, I would suggest deploying the patch from the Evalution branch, but this requires McAfee Agent 4.5 extension and Patch 1.
KB53025 - McAfee Patches cannot be deployed from either the Previous or Evaluation Branch