cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 51 of 63

Re: VSE 8.8 Patch 2

Jump to solution

I'm testing it on about 50 PCs including 1 DC, an Exchange server, some app servers, etc..

There are TWO releases for VSE 8.8 Patch 2, and how they differ is importan to understand.

There is the FULL release, which  is the full installation of VSE 8.8 WITH patch 2 already rolled in, and it  goes only to machines that don't already have Virusscan installed.

Then there is the UPDATE release, which is used to patch existing VSE 8.8 installations.

If you already have VSE 8.8 Patch1, then you need the UPDATE package.

Here is how I did it.

I checked in the patch into the EVAL branch.

I made a tag (VSE_88_p2_test).

I cloned my MCafee Agent general policy, and set the clone to offer updates for VSE from the Eval branch,

Then I created a Policy assignment rule to apply the policy to that tag.

So when I tag a box and it tries to update, it gets the Patch 2 update..

As long as the boxes are on, they get the patch...

norbertg
Level 12
Report Inappropriate Content
Message 52 of 63

Re: VSE 8.8 Patch 2

Jump to solution

I've checked this morning and more than 50% of our PC's have now updated. I removed the deployment task before leaving work yesterday.

We are running the latest Agent (4.6.0.2935), however I have found it annoying that p2 requires a reboot. My machine just updated and had to reboot it.

brentil
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 53 of 63

Re: VSE 8.8 Patch 2

Jump to solution

I've rolled out to about 200 machines so far and only 4 have needed reboot.  The Patch 2 release notes makes mention to fixing installations that have gone wrong in the past so in those cases it might need a reboot to fix them.

I know SAE+ P1 for sure is the one right now for us throwing the request to reboot if any browsers are open.  However we're just suppressing it via MA policies and everyone will be rebooting anyways this week for MS patches.

norbertg
Level 12
Report Inappropriate Content
Message 54 of 63

Re: VSE 8.8 Patch 2

Jump to solution

I have VSE 8.8.0.975 checked in and in current branch, previous branch and evolution branch, I also have a VSE Update Task setup however I still have 98 computers that refuse to update.

I've checked the agent logs (all v4.6.0.2935 excluding 2 pc's) and it doesn't even appear in the logs that VSE requires an update.

Edit: looks like it's finally updating, down to 92 PC's.

Message was edited by: norbertg on 13/09/12 1:01:26 PM
Former Member
Not applicable
Report Inappropriate Content
Message 55 of 63

Re: VSE 8.8 Patch 2

Jump to solution

8.8 p2 deployed to 300+ clients after a test cycle.  No issues so far.

norbertg
Level 12
Report Inappropriate Content
Message 56 of 63

Re: VSE 8.8 Patch 2

Jump to solution

I am down to 55 PC's.

I don't know how to update these last remaining PC's without manual intervention.

I have vse8.8p2 checked into current branch, evol. branch and previous branch.

I have Agent Update task to update VSE.

I am not sure what else to do. About 70% of the remaining PC's are online 24/7.

norbertg
Level 12
Report Inappropriate Content
Message 57 of 63

Re: VSE 8.8 Patch 2

Jump to solution

Only 9 PC's left, it updated 40 odd over the weekend. Looks like it works but slowly.

Former Member
Not applicable
Report Inappropriate Content
Message 58 of 63

Re: VSE 8.8 Patch 2

Jump to solution

I've deployed Patch 2 out to approx. 250 PCs with no issues whatsoever

This also gave me the confidence to redeploy HIPS in my environment and all is well with the world.

Thanks to everyone for their input!

I'm going to go ahead and close this thread, which took on quite the life of it's own!

Should I start a Patch 3 thread?

Former Member
Not applicable
Report Inappropriate Content
Message 59 of 63

Re: VSE 8.8 Patch 2

Jump to solution

Is anyone else having issues with the deployment causing excessive bandwidth issues?  I have at least 1 location that is reporting this issue.  While I would love to say my environment gets updates all at once this isn't realistic.  I tend to run the patch update over a period of weeks before I get close to full compliance.  Also is there any way to pinpoint only the machines that haven't received this patch instead of redeploying constantly?  It's sad that these udpates aren't smart enough to know that when it's installed the task should just stop.

brentil
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 60 of 63

Re: VSE 8.8 Patch 2

Jump to solution

jcain13 wrote:

Is anyone else having issues with the deployment causing excessive bandwidth issues?  I have at least 1 location that is reporting this issue.  While I would love to say my environment gets updates all at once this isn't realistic.  I tend to run the patch update over a period of weeks before I get close to full compliance.  Also is there any way to pinpoint only the machines that haven't received this patch instead of redeploying constantly?  It's sad that these udpates aren't smart enough to know that when it's installed the task should just stop.

The task itself has knowledge of if it needs to install or not, it doesn't rerun the full installation every time.  The reason tasks continue to trigger is if they have to run again.  For example a user somehow removes a product the tasks running again would make sure it gets redeployed.  Their machine downloads the install files once and then triggers the installation, from that point on when the task triggers it already has the files and is just doing a check to see if it needs to be installed or not.  The frequency of these checks can be defined by you through ePO so you can limit how often it runs on a users machine if you want.  There really is no reason to not run tasks on a users machine unless its causing performance problems as it does not eat up any bandwidth.  If the patch was already installed it has nothing new to report.  Which McAfee actually put out a good document recently on performance tuning the MA & VSE relating to these types of things.

If you want to target only machines that need it via a deployment task then you can do that a couple ways. 

You could make other groups you put those machines in that have the deployment task then shuffle them out of there as they deploy.  That's more of the brute force way. 

The intelligent way would be to create a Tag group for machines that do not have Patch 2 then in your deployment task define that only machines in that Tag group will get the task.  You then create a server task that runs periodically to set & remove tags based on a query for Patch 2 status.  Since ePO 4.6 I've been heavily using Tags for all kinds of tasks, it provides tons of sophisticated targeting ability without messing with your System Tree groups.

You could also decrease bandwidth usage at locations by making one of the machines at that location a SuperAgent that replicates the files needed.  Then all the machines in that location will get all of their files from that one local machine instead of your upstream ePO server.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community