Reasons to Migrate to Endpoint Security

McAfee Endpoint Security 10 is an integrated solution that replaces several legacy endpoint products, including McAfee VirusScan Enterprise, McAfee Host IPS, and McAfee SiteAdvisor web filtering. If you're an existing customer with one of our Endpoint Security suites, McAfee Endpoint Security 10 is a free security upgrade. Simply log in to McAfee ePolicy Orchestrator (McAfee ePO) and access McAfee Endpoint Security in the Software Manager, or use your grant number to download the software package via the McAfee website.

Table of Contents

Top Reasons to upgrade to McAfee Endpoint Security
Migration Paths
Installation
Endpoint Upgrade Assistant
Technical Resources

Why Migrate to McAfee Endpoint Security

Easy Migration Paths

An excellent resource to help you get started with the migration is the Upgrade Planning Guide.

Here are some recommendations for when you're performing your upgrade.

Upgrade to the latest McAfee Agent (Currently 5.5)

Enable Peer to Peer file sharing to reduce bandwidth when deploying McAfee packages

Disable any Client Tasks that automatically reinstalls VSE, HIPS, or SAE

Required patch levels when using the Endpoint Upgrade Assistant

VirusScan: Patch 1-9
Host IPS: Patch 1-9
Site Advisor Enterprise: Patch 4 or Later

In many scenarios, it is recommended to start with a clean slate in terms of ENS policies. Legacy policies often gain unnecessary configurations that may impact performance.
By starting with clean policies, it can improve the performance of the endpoints.

Review the High Risk and Low Risk processes.

Microsoft Exclusions generally don't need to be migrated

McAfee Endpoint Security provides a new trust model
Microsoft and McAfee applications are automatically trusted out of the box and do not need exclusions
Check your permissions for your newly created policies

Even if you are planning to start with clean policies, you can still perform an Automatic Migration and have all of your existing policies available to you. If you do experience an issue, you can reapply the legacy policy or just review it and add the configuration to the new clean policy.

Automatic Migration

Automatic migration is a hands-off process and the Migration Assistant makes all decisions behind the scenes. Customers create new policies and client tasks automatically, based on current product settings, and assign them to groups and managed systems based on current assignments.

Recommended for:

Networks with fewer than 250 managed systems.
Customers who use default policy settings or a minimum number of custom policies.
Customers migrating the Host IPS Catalog.

Benefits:

Requires minimal user input.
Migrates all settings, including policies and client tasks, for each supported product at the same time.
Retains policy and client task assignments.
Migrates the Host IPS Catalog.

Automatic Migration Guide

Manual Migration

Manual migration is a hands-on process that does not retain assignments. You make most of the migration decisions by selecting the objects to migrate and editing their settings, if needed.

Recommended for:

Networks with more than 250 managed systems.
Customers who use multiple custom policies.
Customers who want to fine-tune existing policy settings.
Customers who want to fine-tune assignments.
Customers who want personally supervise and approve each step of the migration process.

Benefits:

Allows you to select each policy and client task to migrate.
Allows you to edit the settings for each policy or client task to migrate.

Manual Migration Guide

Installation

Download and install McAfee Endpoint Security

Go to Menu > Software Manager
Search for Endpoint Security
Check in the McAfee Endpoint Security Bundle or individual components

Download and install McAfee Endpoint Upgrade Assistant

Go to Menu > Software Manager
Search for Endpoint Upgrade Assistant
Check in the Endpoint Upgrade Assistant Extension

Endpoint Upgrade Assistant

Using the McAfee Endpoint Upgrade Assistant is the easiest way to get your systems running Endpoint Security today. McAfee® Endpoint Upgrade Assistant is a McAfee® ePolicy Orchestrator® (McAfee® ePO) extension which simplifies and automates the tasks required to upgrade the McAfee products on your managed endpoint. EUA analyzes the endpoints in your McAfee ePO environment, detects the supported McAfee products that are installed, and determines the minimum requirements for upgrading to current versions of the products. For more information, please refer to Knowledge Base article KB88141 - Introduction to Endpoint Upgrade Assistant.

You can install the Endpoint Upgrade Assistant with the Software Manager or via the McAfee Download Site

Analyze the environment to identify which systems are ready for an update

The Endpoint Upgrade Assistant will show which systems are ready for an update

The Endpoint Upgrade Assistant can automatically safely upgrade systems within the environment ready for an update. It will perform the following procedure:

Remove McAfee VirusScan Enterprise and McAfee Host Intrusion Prevention
Upgrade McAfee Agent to a compatible version if necessary
Upgrade McAfee Data Loss Prevention Endpoint if necessary
Install McAfee Endpoint Security
Report status of deployment to ePO

You can also create a automation client package that allows you to deploy McAfee Endpoint Security via another software deployment solution.

This table describes what happens when McAfee Endpoint Security is installed.

Legacy Product	McAfee Endpoint Security Module	Action
McAfee VirusScan Enterprise	Threat Prevention	VirusScan Enterprise will always be removed. If the Threat Prevention module is selected as part of the deployment task, it will be installed.
McAfee Host Intrusion Prevention Firewall Module	Firewall	If the Host IPS Firewall module is enabled, Endpoint Security Firewall will be inactive even if it is installed. Once the Host IPS Firewall module is disabled (e.g., via policy change), Endpoint Security Firewall will become active.
McAfee Host Intrusion Prevention IPS Module	Threat Prevention	If the Host Intrusion Prevention IPS module is enabled, the Threat Prevention Exploit Prevention functionality will be inactive, even if it is installed. Once the Host Intrusion Prevention IPS module is disabled (e.g., via policy change), the Threat Prevention Exploit Prevention functionality will become active.
McAfee SiteAdvisor	Web Control	SiteAdvisor will always be removed. The Web Control module will be installed if it is selected as part of the deployment task.

Technical Resources

Guides

KnowledgeBase

Communities

Video

Additional Services

Our Professional Services team can provide the guidance and expertise to ensure a successful migration within more complex upgrade scenarios. Contact Professional Services to learn how to optimize your policies, start a pilot upgrade, assess your complete McAfee ePO environment and/or manage a full McAfee Endpoint Security 10 deployment.

Contact Professional Services

Stay Informed

Stay connected with Intel Security for the latest content and updates. Sign up to receive communications >