We recently updated the virus scan from P2 to P4 and the upgrade went fine on both server and clients, or that's what we thought.
Yesterday, when I was doing some other troubleshooting, I noticed some events from MsiInstaller in the Event Viewer log. On a closer look I found out that VSE was trying to install; I found this strange because I had the correct version, 184.108.40.2067. Scrolling further, I saw that this was happening at certain times, 12:00 AM and PM, which led me to check the ePO client task.
We have a client task that runs every 12h on each system and installs a number of products if they are missing, e.g. HIPS, SAE, VSE, DLP, etc. I've checked that the correct version of VSE was added in the task, and it is.
Now, why is this happening? Would the McAfee agent not verify the versions and skip the install if it's the same?
Below is an extract from the log file found on my machine:
MSI (s) (CC:38) [15:02:11:594]: Looking for patch transform: Patch1ToPatch4
DEBUG: Error 2749: Transform Patch1ToPatch4 invalid for package C:\WINDOWS\Installer\13da242.msi. Expected product version == 8.8.01000, found product version 8.8.04001.
MSI (s) (CC:38) [15:02:11:595]: Skipping validation for patch transform #Patch1ToPatch4. Will not apply because previous transform was invalid
MSI (s) (CC:38) [15:02:11:595]: Looking for patch transform: Patch2ToPatch4
1: 2749 2: Patch1ToPatch4 3: C:\WINDOWS\Installer\13da242.msi 4: 8.8.01000 5: 8.8.04001
DEBUG: Error 2749: Transform Patch2ToPatch4 invalid for package C:\WINDOWS\Installer\13da242.msi. Expected product version == 8.8.02004, found product version 8.8.04001.
MSI (s) (CC:38) [15:02:11:595]: Skipping validation for patch transform #Patch2ToPatch4. Will not apply because previous transform was invalid
MSI (s) (CC:38) [15:02:11:595]: Looking for patch transform: Patch3ToPatch4
Does anybody have any idea why this is happening?
For an ePO managed environment, when the deployment task runs it executes the detection script of the products that have been configured to be installed.
The symptom you describe, of the installation being launched each time the task kicks off, suggests the detection script is _not_ finding some key data points that would tell it VSE is already installed. Consequently, it will result in the download of the installation binaries from the repository and launching the installer.
The installer at that point may find the product is already installed, and do nothing. Next time the deployment task runs, the same process repeats.
So, you may want to engage our Support team to investigate the health of the system - and verify that the necessary data points exist on the node to allow the detection script to successfully determine the product is already installed, and correct affected systems as needed.
The investigation may require capturing data (with Process Monitor) when the deployment task runs so we can see where the detection script is looking, but more importantly I think, what is happening when it's trying to query those data points.
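As an added example (not part of the thread and not McAfee tooling), the following script triages a verbose MSI log like the one quoted in the question: it lists the patch transforms the installer looked for, pulls the expected and found product versions out of each Error 2749 line, and reports whether every rejected transform targeted a baseline older than what is already installed. The function names are assumptions made for this example, and the sample input is the log extract from the question embedded inline.

```python
import re

# Sample input: the log lines quoted in the question, embedded for offline use.
SAMPLE_LOG = r"""
MSI (s) (CC:38) [15:02:11:594]: Looking for patch transform: Patch1ToPatch4
DEBUG: Error 2749: Transform Patch1ToPatch4 invalid for package C:\WINDOWS\Installer\13da242.msi. Expected product version == 8.8.01000, found product version 8.8.04001.
MSI (s) (CC:38) [15:02:11:595]: Skipping validation for patch transform #Patch1ToPatch4. Will not apply because previous transform was invalid
MSI (s) (CC:38) [15:02:11:595]: Looking for patch transform: Patch2ToPatch4
1: 2749 2: Patch1ToPatch4 3: C:\WINDOWS\Installer\13da242.msi 4: 8.8.01000 5: 8.8.04001
DEBUG: Error 2749: Transform Patch2ToPatch4 invalid for package C:\WINDOWS\Installer\13da242.msi. Expected product version == 8.8.02004, found product version 8.8.04001.
MSI (s) (CC:38) [15:02:11:595]: Skipping validation for patch transform #Patch2ToPatch4. Will not apply because previous transform was invalid
MSI (s) (CC:38) [15:02:11:595]: Looking for patch transform: Patch3ToPatch4
"""

VERSION = r"\d+(?:\.\d+)*"
ERR_2749 = re.compile(
    r"Error 2749: Transform (?P<transform>\S+) invalid for package (?P<package>.+?)\. "
    rf"Expected product version == (?P<expected>{VERSION}), "
    rf"found product version (?P<found>{VERSION})"
)
LOOKUP = re.compile(r"Looking for patch transform: (\S+)")


def version_key(version):
    """Compare dotted versions numerically, so 8.8.04001 sorts above 8.8.02004."""
    return tuple(int(part) for part in version.split("."))


def looked_up_transforms(log_text):
    """Transforms the installer searched for, in log order."""
    return LOOKUP.findall(log_text)


def rejected_transforms(log_text):
    """One record per Error 2749 line, flagged when the installed version is newer."""
    records = []
    for match in ERR_2749.finditer(log_text):
        rec = match.groupdict()
        rec["installed_is_newer"] = version_key(rec["found"]) > version_key(rec["expected"])
        records.append(rec)
    return records


def redundant_install(log_text):
    """True when every rejected transform expected an older baseline than the one found."""
    records = rejected_transforms(log_text)
    return bool(records) and all(r["installed_is_newer"] for r in records)


if __name__ == "__main__":
    for r in rejected_transforms(SAMPLE_LOG):
        print(f"{r['transform']}: expected {r['expected']}, found {r['found']}")
    print("redundant install attempt:", redundant_install(SAMPLE_LOG))
```

A `True` result means the installer ran against a product that was already at the newer version, which points the investigation at the detection step rather than at the package itself.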