Are there any suggestions or known methods to upgrade machines that are current otherwise with software, but got stuck with the 4.0 McAfee agent and have never upgraded?
200 machines (about 15% of my total end nodes) have the 4.0 agent and won't upgrade when I deploy a 5.0 agent from ePO. They also have VSE 8.7 and that won't upgrade either. If I manage to upgrade the agent on one, then VSE will begin to update on its own. If it matters, I noticed this when we were deploying 4.8 and the problem was the same.
We use Kace for software deployments and I've written a script that runs the FrmInst.exe /FORCEUNINSTALL and then installs the new agent. It worked once or twice, but is not reliable. If a tech physically visits or remotes into a machine, then they can run the manual uninstall and install the current agent and the machine begins working as expected. I need a way to fix this centrally though.
These machines are spread across our network on different subnets in different physical locations (buildings). Almost every machine that I've checked has Windows 7 x64 installed.
Thanks for any help or suggestions.
We had the same issue here with some old agents, and had to perform manual uninstalls to get them up to date.
So with that in mind, I'd say go for a mix of your original approach and ePO; use Kace to remove the old agents with frminst.exe /forceuninstall, then deloy Agent 4.8 (or 5.0, if you're feeling super-brave) via ePO console.
You'll get the required agent version installed, registered with ePO and updated VSE version automatically.
Not with any success. The 4.0 agent seems to want a 4.0 FramePkg.exe to be involved. I have both 4.8 and 5.0 available at the moment. I worked with McAfee support last year and they were unable to get a 4.0 agent. I'm not sure that would work anyway.
If there's a way to configure a task to remove the 4.0 agent, please let me know how. I don't mind building a complicated package for the removal. I've run out of options at this point though.
You can run a McAfee Agent Product Deployment Task (Remove/Uninstall) but you will need to have the MA package with a mathing Patch level checked into you Master Repository (previous Branch).
The Client Task will pull down the FramePkg.exe file and unpack it locally presenting the MSI package run in silent mode to uninstall the product.
The MA is installed with an MSI, and the Windows Installer Database will need the same Package (Matching GUID) used to install the Agent, to be able to remove it.
McAfee have produced manual steps to remove the Agent if the MSI/FramePkg files cannot be located or supplied by support here:
McAfee Volunteer Moderator
Certified McAfee Product Specialist - ePO
Thanks for the reply and info. Do you know how I can obtain the older 4.0 agents?
I haven't found any downloads or archives for 4.0. Given the GUID reference, I'm not sure this is an option because our ePO server was moved to a new server and the console was rebuilt creating a new database. The 4.8 agents were deployed after this to overwrite the 4.5 installs that were out there from the old ePO DB. Most upgraded without issue, except for those 4.0 machines. We've got both 4.0.1180 and 4.0.1196.
We had similar issues in our environment with legacy clients operating with VSE 8.7i when trying to install MA4.8. In our particular case the issue was attributed to a known problem with Access Protection rules for VSE8.7i being "unaware" of new components (binaries) added into MA4.8 and above (refer KB81232 - problem 2). If this is your issue I would suggest you amend your VSE8.7i policy set, but failing that temporarily disable Access Protection on your endpoint to complete the MA upgrade.
Failing that are you able to post the logs from a failed MA installation as they might assist troubleshoot the issue on your endpoint which is preventing the installation from completing successfully.
- c:\Windows\Temp\McAfeeLogs\FrmInst_<hostname>.log -> if install is attempted via an ePO client task
- %TEMP%\Temp\FrmInst_<hostname>.log -> if install is performed manually on system
Thanks for the suggestions. While those clients with 4.0 agents have 8.7 VSE installs, we don't have 8.7 on our ePO server. Which means no 8.7 policy set. So I checked in VSE 8.7 to our ePO server a moment ago, but no options to for an 8.7 policy set have shown up. Only VirusScan Enterprise 8.8.0.
I excluded the 2 files per the article's suggestion for our 8.8 policy. I'm not sure how this would help though even if I could create an 8.7 policy. If I can't manage the clients because the 4.0 agent isn't communicating with our server, then making changes to the policy won't matter.
Were your 4.0 agent machines managed by your ePO server?