Recieved this, this morning:
McAfee Agent (MA) 4.6 is now available from the McAfee Download site at http://www.mcafee.com/us/downloads/ This release includes both Windows and Non-Windows versions of the product. MA 4.6 highlights include:
For more information, see KB71862 — McAfee Agent 4.6 Release Notes (Addendum): https://kc.mcafee.com/corporate/index?page=content&id=KB71862
Im looking to get this into my ePO 4.6 today but not sure if I should check in the AgentKeyUpdate.zip file?
The readme says this:
The 4.6 Agent Key Updater package is not automatically checked in to your Master Repository when checking in the McAfee Agent 4.6 product extension to your ePolicy Orchestrator server. This ensures that you retain control over which key updater is in your environment. Before you deploy the 4.6 agent, manually add the key updater package to your Master Repository.
I want to be able to deploy htis through ePO and as the notes say i should add the key updater package to the repo but im a little wary about doing this. Anyone else done this yet or can shed any light?
To get agent version 4.6 into EPo follow the install intrustion on page 22 of the McAfee Agent 4.6 product guide, available in the download section on thier web site.
Worked though this earlier this moning without issue. I now have the first wave of machine upgraded to the new version. All looks good so far.
Just came to the same point: what is AgentKeyUpdate and should I check it into our system????
On live 4.6 we have AgentKeyUpdate 4.6.1444, self signed by our ePO server. On test I just checked in AgentKeyUpdate from MA4.6 download page - 4.6.1694
Can someone tell us what AgentKeyUpdate does and what version should we use??? Cant find anything in the KB....
I've spoken with my reseller and they spoke to McAfee and I was advised that if I wanted to deploy it from the ePO server then I should install the Agent Key Updater. Still had no explanation from them and whats it for or what it does they just said its needed in order to push the agent.
I've installed it yesterday and cant see any problems client or server side. All looks good to me.
The key updater package is a tool that allows an agent to update its keys if required - say for example if you create a new agent-to-server key pair, or promote another key pair to Master. The key updater package, like the agent install package, is rebuilt with the new keys when they change. Then when an agent runs the updater package as part of an update task the new keys are applied to the client.
So its a good thing to install then, lol :-)
I would strongly recommend it
The one thing to note is that the key updater package is not selected by default in a normal update task - I believe it defaults to just dats and engines. (I don't have a test machine handy to check.) So if you're intending to change your keys, make sure that all your machines are configured to run the key updater as part of one of their update tasks before you change the key pair
Good point. I’d forgotten about that. Im sure my update taskhas been modified and I did tick it. However, you know what the saying is ….assumptionis the mother of all f**k ups so ill double check.