We have a small lab where the PC admins needs full rights to change settings in the McAfee virus scan and agent settings but only from the client not from the EPO web server.
Is there list of places to go to grant this? We'll push down the agent and the AV install but after that we need them to change whatever they need to. We are using EPO so that we can still track usage and have it report back data.
But if it's not possible the next option is to install an agent-less install that allows them to do whatever they need to. Could we just give them the AV installer without the agent? Do we need special licensing for our company to use that?
Assuming you're using ePO 4.6 and VSE 8.8: In the Policy catalog go to VirusScan Enterprise 8.8.0, then General Options Policies.
On the "Password Options" tab you can choose to protect the settings with a password and also which items to protect, or not protect.
If the Virus Scan is managed by EPO even if end users change locally tpe policies of AV the McAfee Agent will some minutes after load the EPO server policies.
It possible to install the AV one by one on each computers but it is a waste of time if you have a lot of computer.
Firstly you can deploy AV via EPO.
Secondly, you will uninstall the agent via EPO on selected computer.
Finally, those end users can modify their policies.
Yes, I think that's the idea. Then you'll also have to tell VSE not to overwrite client exclusions etc. That is done in the different policies for high-risk, low-risk, and default processes.
If you choose to install as ditguy2012 suggests, I think it's better to do a standalone installation of VSE. If no agent is present while installing VSE, VSE will install an updater.