Showing results for 
Search instead for 
Did you mean: 
Level 7

Updating VSE with Epo

Hi all, I recently inherited administration of all things McAfee at my company, unfortunately, I'm running into a few problems that I can't seem to find answers to.

First issue I have is that we have nearly 5000 machines running out of date versions of VSE, and I can't figure out how to get them to update.

At the most basic level I can select a machine with an old version, run client task now, choose to install VirusScan Enterprise; Branch: current and tell it to run task now. I can then watch the server task log as well as the mcafee agent activity log and see that communication happens and everything says it completed successfully. Unfortunately, the VSE enterprise version doesn't update.

I can try installing manually on a computer, but it just tells me its already installed and doesn't install. I can also try using product update instead of product deployment, but that also appears to have no effect.

If I remove VSE and then install fresh, it works fine, but I'd rather not have to do that for so many computers, especially when I can't roll it into the same task.

So, tl;dr: how do I update vse to without uninstall/reinstall?

P.S. I guess I'm not sure if this belongs in the epo forum, if not, let me know where to ask instead, ty.

0 Kudos
1 Reply
Level 12

Re: Updating VSE with Epo

Yeah, you've stumbled onto one of the most confusing elements of ePO.  I'm about six months removed from being an active ePO admin, so my terms may be slightly off, but here's the distinction:

For VSE, there are two types of installers.  Full installers and update installers. 

Full installers install VSE on systems that do not currently have VSE, and are deployed through client deployment tasks.

Update installers upgrade VSE on systems that do currently have VSE, and are deployed through product update tasks.

For client deployment tasks, you specify which version (i.e. which branch, Previous, Current, or Evaluation) you're going to use for that deployment task when you build the task.  Pretty simple.

For product update tasks, the branch to which the product will update is determined by a McAfee Agent policy.  The Agent policy points to a branch, and when the product update task runs, it determines whether or not it needs to download and install that update patch.

For example, let's say you have VSE 8.8 Patch 8 checked in to the Current branch in the master repository, and VSE 8.8 Patch 9 checked in to the Evaluation branch in the master repository.  You want to update a server from Patch 8 to Patch 9.  You would need to modify that system's McAfee Agent policy to look at the Evaluation branch for VSE updates, then initiate an Agent check-in so that new Agent policy is loaded onto the server.  Then, you would run a Product Update task, which would pull down the Patch 9 installer and run it.

Alternatively in this scenario, you could move the Patch 8 installer to the Previous branch and the Patch 9 installer to the Current branch.  Then, this server would grab the Patch 9 update installer without needing a modification to its Agent policy.  However, you do run a risk that other systems are set to update from the Current branch and have scheduled Product Update tasks that update VSE.  If that's the case, you may accidentally release Patch 9 to systems unintentionally (not that I've ever done this...).

So I hope that clears it up.  It's a bit confusing, especially since many other McAfee products such as TIE and DXL update with client deployment tasks, not product update tasks.

0 Kudos