Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 6

Virus scan upgrade via gpo


I have around 5000 domain win 7 (sp0) machines running VirusScan Enterprise 8.7i patch 3 (vanilla install), which was installed via SCCM. I need to find a way of upgrading to patch 5 with a custom repository location via GPO. I know this is not supported and we should be using epo, but that is still about 3 months off and I'm being told this needs to be done now.

Attempts so far have met with random results, (in some cases have resulted in machine with no AV installed). Nothing reliable enough to consider rolling out

Any ideas as to the best way to accomplish this?

Thanks in Advance.

5 Replies
Level 9
Report Inappropriate Content
Message 2 of 6

Re: Virus scan upgrade via gpo

Have you tried using like wininstall or something and record the upgrade? So basically make a recorded MSI of the changes that makes to a machine and try pushing that out via group policy? Just a thought.

Level 7
Report Inappropriate Content
Message 3 of 6

Re: Virus scan upgrade via gpo

Thanks for the reply.

To be honest I have no idea how to go about making a recorded MSI, something I will look into, but I need to sort this quickly.

I've set up a epo installation on an old pc. and set it up to replicate to a unc share. If I've got this correct all I need to do is change the sitelist.xml file on the clients to point at this share and the software should get updated to patch 5 etc. This would do for the short term.

Question is What would be the best way of changing the file on the clients. A straight copy doesn't work, Fails with Access denied.

Any thoughts?


Re: Virus scan upgrade via gpo


I am just curious. Are you or are you not using an EPO to manage those 5000 machines. A GPO can be really trick as you have already found out. I would suggest against doing that. Is there no way that you could deploy epO ?


Re: Virus scan upgrade via gpo

If you have the access protection set to block changes to McAfee files and settings there's probably no way you are going to get the patch installed unless you run it interactively (via users clicking next etc- via SCCM possibly- obviously you'd need to test this) or via ePO as you have found out with the sitelist.

ePO is a fantastic tool. your company *really* needs to deploy this to manage your clients.


Level 7
Report Inappropriate Content
Message 6 of 6

Re: Virus scan upgrade via gpo

Thanks to everyone for replying,

We will be migrating to EPO over the next couple of months, once I've got my head around it. I'm completely new to this so it's a case of making it up as you go along. I won't be rolling EPO out until I've tested it satisfactorily within our environment, there's far to much chance of a high profile screw up posible here.

I thought the best approach would be to get all the clients updating from one source. Currently it's a mixture of UNC share and web updates, unc share also has modified client install.

So the way I thought I'd tackle this is:

  • Create unc share via epo
  • Export sitelist
  • Import site list to clients via ftminst.exe /siteinfo command run via either a startup or shutdown script

I should then be able to customise the client settings and then push this out via the unc share.

If this all works, it should buy me some time to set up an epo server properly, get my head round it, and set this all up correctly.

As an extra to this, does anyone know of any good resources for epo apart from the McAfee site?



More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community