cancel
Showing results for 
Search instead for 
Did you mean: 
Nick_B
Level 11
Report Inappropriate Content
Message 1 of 6

Robust Deployment Strategy for Multiple Products?

Jump to solution

Hey Community Members,

Hope you are all doing well.

I am working on a client with around 7,000 endpoints. McAfee products are installed on the desktops, laptops. Windows 7 and some 10.

Their environment consists of an ePO server and an Agent Handler running v5.3.2.

The Agents are a mix of MA 5.0.6.220 and 4.8.0.1995 mainly. VSE is also a mix - 8.8.0.1445 (P6), .1804 (P9). HIPS is a mix of 8.0.0.4605 (P11), 8.0.0.4480 (P10) amongst others.

They are using tags to deploy the endpoints with 3 deployment tags for VSE, HIPS and DLP. SCCM pushes out the MA 5.0.6.220. There is a server task which runs a query (table format) looking for managed endpoints with no VSE installed, then applies a tag to deploy VSE. Step two runs a query to look for systems without HIPS installed and applies a tag to deploy HIPS. There are 12 steps in total in this single server task.

There are 12 UNC-style distributed repositories which are not used much.

So, what is happening is systems are receiving the tags but not necessarily all of the security products. Some have VSE and HIPS but no DLP. It's a bit chaotic. Then you also have the mix of around six or seven differnet patch levels. DLP however is mainly v11 P2 and some 9.3 clients.

The question is what is the best deployment strategy for this client/scenario?

I look forward to your suggestions, guys!

Cheers,

Nick

 

1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Robust Deployment Strategy for Multiple Products?

Jump to solution

There are a couple of ways this can fail.

1.  Agent issue:
masvc log will show client getting the task and invoking it.  Did it actually invoke?
mcscript log will show it downloading files from the repository and invoking the setup.  If it fails to get files from the repository, that needs investigating why.

2. point product issue:
once the mcscript log shows it handing off the install to the OS msiinstaller, then it is out of the hands of the agent.  Look then to the install logs for the point product in the windows\temp\mcafeelogs directory.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

5 Replies
McAfee Employee Hawkmoon
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Robust Deployment Strategy for Multiple Products?

Jump to solution

Hi Nick_B,

The versions you have before you will be creating issues all there own, updates (new versions) will be needed.

ePO will be able to deploy products to any estate, no matter how many products or clients you have however as I mention the versions you have are not going to help here.

MA 4.8 is not support.
MA 4.8 EOL page

  • MA5.0.6.220 has issues with policy and task operations. addressed in later HF releases.
    Version information for McAfee Agent 5.0.x
    Technical Articles ID: KB82105
  • VSE 8.8 p6 is out of data. [fyi: Documentation Correction: VirusScan Enterprise 8.8 Patch 6, 7, 8, and 9 Release Notes
    Technical Articles ID: KB85816]
    as is
    ePO 5.3.2, latest is p3, advised is ePO 5.9.x or higher!

DLP 9.3 (as v11 to a degree) shouldbe reviewed and actioned.

I'd suggest work to standardise the estate to near latest or latest versions (estate allowing) first, do so one product at a time.

Start with MA 4.8, for the reasons as I mention, look to replace MA 4.8 with v5.0.6.550 or if allowed v5.5.1 first.
Same goes for the v5.0.6.220 installs.
Upgrade VSE 8.8 p6/p9 to p11, or ENS 10.6 is allowed.
The various O/S installations, min Win7 are, unless this or that PP state otherwise, is ok, so little to worry about on that point.


  • Supported platforms, environments, and operating systems for McAfee products
    Technical Articles ID:   KB5110

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: Robust Deployment Strategy for Multiple Products?

Jump to solution

To add to that, I would suggest just keeping it simpler.  Set up a scheduled task at my organization for each product deployment.  I would suggest a separate task for each product, run at slightly different times to allow for each to complete.  Set it as a daily schedule - it won't reinstall products that are already installed, but will check for them. 

There are some things to consider when planning some of the upgrades.  You might want to run the upgrade assistant to see if systems in your environment have a supported upgrade path for the versions you are going from/to.  There are some scenarios where there are some compatibility issues with older versions of the software. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 4 of 6

Re: Robust Deployment Strategy for Multiple Products?

Jump to solution

Hi cdinet,

Now this is exactly what I was getting at - the best approach with regard to deploying the various security products on the customer's estate.

I was used to having a single Product Deployment task containing a single product eg Deploy VSE which would contain the VSE 8.8 P11 "Install" package then I would set it at the My Organization level using tags - a Daily and a Run Immediately to cater for different scenarios. The Run Immediately would take care of the bulk of the work, more than likely and the Daily would help in situations where for example the product was uninstalled from the device in which case it would be re-installed and also, say where a device failed to install the product the first time round in which case a Run Immediately will never run again The Daily would take care of those guys!

The customer here, on the other hand has a number of Product Deployment tasks, using tags and the underlying tasks are things like such as "Deploy Update Package MA 5.06-VSEP8-HIPSP9" - and this task contains THREE seperate products! They are wondering why a lot of the systems have some products but not others!

Thanks for your input., I'll be creating separate tasks with a product in each.

Nick

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Robust Deployment Strategy for Multiple Products?

Jump to solution

There are a couple of ways this can fail.

1.  Agent issue:
masvc log will show client getting the task and invoking it.  Did it actually invoke?
mcscript log will show it downloading files from the repository and invoking the setup.  If it fails to get files from the repository, that needs investigating why.

2. point product issue:
once the mcscript log shows it handing off the install to the OS msiinstaller, then it is out of the hands of the agent.  Look then to the install logs for the point product in the windows\temp\mcafeelogs directory.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 6 of 6

Re: Robust Deployment Strategy for Multiple Products?

Jump to solution

Thanks Hawkmoon, for your valuable input. 

I am in the process of writing a Change Request to update the legacy 4.8 Agents to 5.5.0.447. Other Change Requests shall also be required.

I'll keep you posted!

Nick

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community