I'm working to build a custom installation of Windows. Normally we provide two kinds of installation. One is for laptops that, for security reasons, are not connected to the domain, where we install McAfee 8.8, which receives its updates from the Internet. The others are workstations in the domain that are updated by the ePO server. For these workstations we first install the Agent downloaded from the ePO server and then we install the antivirus.
Basically we have two isolated networks: one is for laptops, which are only able to reach the Internet, and the other is connected to the Domain Services.
I would like to create one image for both systems, so I would like to know if there is any problem with installing the antivirus first and the Agent later if it is a workstation. That way I can create the custom Windows image with the antivirus and then add the Agent if the machine has to be added to the domain.
At the moment I have an old image with AV and Agent installed, and if the laptop is standalone (no domain) I have to remove the Agent, and sometimes it is not so linear...
So, essentially you have two agents - 1) External Update & 2) Internal Update on one image. Make sure to remove the GUID from the image:
As for updating (External vs Internal), perhaps add the McAfee HTTP or FTP as a fallback repository; if the system is unable to reach the ePO server it will pull its updates from McAfee HTTP or FTP: McAfee Corporate KB - CommonUpdater download sites KB76558
Another way around that would be to set up an Agent Handler in a DMZ (if you have a DMZ) or create a local share on the "Internet" side for those systems to pull their updates from.
Thanks Tao... I'm trying to understand in more depth how McAfee works... I'm thinking of following a course... but thanks for the very useful
Just to understand:
I can include only the antivirus in the master image of Windows (distributed by WDS) and then add the ePO Agent only if the workstation will be joined to the domain and will get its updates from the ePO server?
You can have one base "Image" that includes the Agent & AV:
1) If you are unable to create a Local Share for those "External" systems: Update standalone clients from ePO UNC repository; then within your McAfee Agent > Repository - Repository list: have your ePO Repository along with McAfee FTP and/or McAfee HTTP.
If the system is unable to access your ePO server it should try the next Repository in your list. So, Internal systems should pull from your ePO Repository while External systems, not having access to your internal ePO server, should pull from the next Repository in your list. Test and confirm.
2) Before saving your base "Image" you WILL need to remove the GUID from the base "Image"; not doing so will be problematic when systems report back to your ePO server.
Tao, thanks for your patience.
From what I have understood, I could create and download a new McAfee Agent from the ePO in order to get the updates from the Internet... is that correct? But I don't have access to ePO.
At the moment I have the installation files for the antivirus, McAfee 8.8... This also installs the Agent 4.8, which gets its updates from the Internet. For the workstations that will be joined to the domain and that can contact the ePO, before installing the antivirus we install the Agent 5.0.4, downloaded from our ePO server by an ex-colleague (who does not work here anymore).
What I would like to do is prepare a Windows image with the antivirus installed... so basically I will also install the Agent 4.8, which will get the updates from the Internet. Then reset the GUID and sysprep Windows. So when I have to install a new Windows workstation that has to be joined to the domain (the majority), I will only update the agent to version 5.0.4 downloaded from the ePO.
Is it possible, or could I have problems?
Or, if I have installed our Agent 5.04 downloaded from the ePO, is it possible to reset its repository and tell it... don't get the updates from ePO but from the Internet?
I don't know why you want to make life so complicated. We have both desktops and laptops in the company. They all get the same AV and HIPS policy. If the ePO server is not available, the systems automatically go to McAfee HTTP for updates. We actually find this handy for our desktops too, in the rare instance ePO is down, we allow calls to McAfee through our corporate firewall.
If you are thinking about installing an unmanaged version of McAfee on the laptops, I really don't see the point. Now you have no idea what the laptops are doing, or if they are in compliance or not.
My 2 cents.
For security reasons (it's not my choice) our security manager doesn't want laptops on our domain, and they are also on another VLAN that is isolated from the VLAN we use in the domain. Laptops are used for experimentation and often have software not so compliant with the domain policy. The problem is not "if ePO is not available", because they can't connect to the ePO; they are in a separate VLAN, without routing between them.
They can only connect to the Internet.
So what I need to know is...
Is it possible to install only the antivirus in the custom image... and later, after I have deployed Windows, install the ePO Agent if necessary?
Use the McAfee Installation Designer:
You should be able to create a custom VSE w/ a very limited agent install (VSE needs components of the agent for DAT updates)