cancel
Showing results for 
Search instead for 
Did you mean: 
MattB
Level 7
Report Inappropriate Content
Message 1 of 4

How to get new machines up-to-date?

Jump to solution

We have a set of xp images that we use to roll out new machines.  The images have a version of VSE (normally 8.5 or 8.7) and an agent (normally 4.0 or 4.5).

The problem we are having is that the machines take a long time to get up to date.  When the machine first boots up and contacts ePO (v4.5) it reports the versions it is using and therefore is out of date.  If we leave the machine on the network for a few hours it updates and reports back as being 'compliant'.  Does anyone know if there is a way of making this a little quicker. ie Once the machine has reported in as out-of-date then it will instantly update and reports back once it's done.

Currently we have :

     AD import task that runs every 15 minutes

     Agent to Server Communication is 1 hour

     Policy Enforcement Interval is 5 mins

Is there a way to remove the delay without turning the Agent to Server communication up a bit?

1 Solution

Accepted Solutions
apoling
Level 14
Report Inappropriate Content
Message 2 of 4

Re: How to get new machines up-to-date?

Jump to solution

Our practice is to prepare a VirusScan Enterprise custom install set using Installation Designer, on a fully functional and properly (EPO) managed workstation. During creation of the custom package, we leave the "Update product at the end of installation" checkbox set.

Because you prepare the custom package on a managed workstation, the package will contain the proper sitelist.xml (although you can edit that during creation). Use this package when creating the XP images or when pushing VSE onto clients.

In order for us to avoid potential duplicate McAfee Agent GUIDs - we use ePO 4.0 environment still - the image does not actually contain VSE, but once a computer is imaged, one last step is to install VSE using this custom package through scripted install. This ensures that all clients is up to date at the end of imaging process, without duplicate GUIDs.

Of course if you cannot fully adopt this practice regarding imaging, another option could be to set the default AutoUpdate task in the VSE custom package to something like "When logged in", etc. so that when the image actually burned to a client and the user logs in, the update happens. Your central AV policy nevertheless can disable the default AutoUpdate on client, but when it does so, the update already happened.

3 Replies
apoling
Level 14
Report Inappropriate Content
Message 2 of 4

Re: How to get new machines up-to-date?

Jump to solution

Our practice is to prepare a VirusScan Enterprise custom install set using Installation Designer, on a fully functional and properly (EPO) managed workstation. During creation of the custom package, we leave the "Update product at the end of installation" checkbox set.

Because you prepare the custom package on a managed workstation, the package will contain the proper sitelist.xml (although you can edit that during creation). Use this package when creating the XP images or when pushing VSE onto clients.

In order for us to avoid potential duplicate McAfee Agent GUIDs - we use ePO 4.0 environment still - the image does not actually contain VSE, but once a computer is imaged, one last step is to install VSE using this custom package through scripted install. This ensures that all clients is up to date at the end of imaging process, without duplicate GUIDs.

Of course if you cannot fully adopt this practice regarding imaging, another option could be to set the default AutoUpdate task in the VSE custom package to something like "When logged in", etc. so that when the image actually burned to a client and the user logs in, the update happens. Your central AV policy nevertheless can disable the default AutoUpdate on client, but when it does so, the update already happened.

MattB
Level 7
Report Inappropriate Content
Message 3 of 4

Re: How to get new machines up-to-date?

Jump to solution

Hi Attila,

Thanks for that.  It was just what I was looking for.  I haven't really explored the Installation Designer, does this deploy the agent as well as VSE for you?

apoling
Level 14
Report Inappropriate Content
Message 4 of 4

Re: How to get new machines up-to-date?

Jump to solution

Hi Matt,

Installation Designer allows you to embed in a single custom VSE package (.MSI) the Framepkg.exe, any new DAT/engine set, any VSE Patch and more. Be sure to use the Installation Designer version that matches VSE version, i.e. there is a separate ID 8.7 for VSE 8.7, ID 8.5 for VSE 8.5 etc. You cannot - I think - use ID 8.5 for VSE 8.7 and the other way around.

Installation Designer should be available among the products that you can access on McAfee dowloand site with your grant number in the product suite that contains VirusScan.

Only Installation Designer 8.7 allows you to prepare an ePO 4 or ePo 3.6 package. Earlier ID versions did not support this (although in my experience this only means putting a signature in the package so ePO can say "This package is signed").

Attila