cancel
Showing results for 
Search instead for 
Did you mean: 

Upgrading ENS from 10.5 to 10.6 best practices

Hi everyone

 

What I want to do:

I need to evaluate Windows 10 1803 (April 2018 update) on a few workstations and based on McAfee link https://kc.mcafee.com/corporate/index?page=content&id=KB85784&viewlocale=en_US, I need to update McAfee ENS on my workstations from 10.5 to 10.6.

ENS 10.6 is currently available in Software Manager in EPO ready to be Checked IN

I want to deploy ENS 10.6 to only a few selected workstations to test it first. Once I'm happy with ENS 10.6, I will then deploy to my production workstations.

 

 

I have the following in my environment:

  • EPO 5.9.1
  • McAfee Agent 5.5
  • Data Exchange Layer client 4.0.0.450
  • McAfee Endpoint Security Platform 10.5.0.3178
  • McAfee Endpoint Threat Prevention 10.5.0.3264
  • McAfee Endpoint Security Adaptive Threat Protection 10.5.0.3113
  • Win 10 OS Enterprise 1703 and 1709
  • 1 McAfee Agent General Policy shared by workstations and servers

          mcafeeagentpolicy.PNG

  • 1 Assigned Client Task to install ENS 10.5 immediately to all machines with a Workstation tag

 

Questions:

What is the best way for me to deploy ENS 10.6 on some test workstations first?

If I check in ENS 10.6 into current branch in Software Manager, will this automatiicaly upgrade ENS on all my production machines because of my policy and client task above? I'm paranoid that if I check in ENS 10.6 into the Current Branch, it will immediately and automatically update ENS on all my workstations and servers.

 

Thanks

 

 

 

 

 

 

 

 

 

 

 

 

 

6 Replies

Re: Upgrading ENS from 10.5 to 10.6 best practices

Your clienttask will no longer work as you replace 10.5 with 10.6 in current branch and so the link between task and current branch gets invalid. Despite you are using Update-Packages - then they would be pulled from current branch and update all of your clients.

However I would suggest to check in 10.6 to eval branch, create a new clienttask to install 10.6 from eval and then use a tag for the clienttask assignment.

This allows you to leave all your tasks in place just where they are and systems that "enter" your ePO in the meantime will get everything needed just as you configured it. Also all the testclients can stay in the same OU and there is no need to shuffle them around.

After succesfull testing you can move 10.5 to previous branch and 10.6 to current, update the clienttasks, remove the tag dependencie and you are ready for global rollout.

Best regards
Dan

Re: Upgrading ENS from 10.5 to 10.6 best practices

Hey Daniel_S, thanks for the reply...can you please clarify the below in RED.

 

Your client task will no longer work as you replace 10.5 with 10.6 in current branch and so the link between task and current branch gets invalid. Despite you are using Update-Packages - then they would be pulled from current branch and update all of your clients.

What do you mean by that? Are you saying that because of the current McAfee Agent Updates Policy i have, once I check in ENS 10.6 into Current Branch, all my machines will automatically download and install ENS10.6? 

 

However I would suggest to check in 10.6 to eval branch, create a new clienttask to install 10.6 from eval and then use a tag for the clienttask assignment.

Can i instead check in 10.6 into Eval. Then create a client task but DO NOT create a client task assignment. I can then select some test machines manually and run the 10.6 install client task?

This allows you to leave all your tasks in place just where they are and systems that "enter" your ePO in the meantime will get everything needed just as you configured it. Also all the testclients can stay in the same OU and there is no need to shuffle them around.

After succesfull testing you can move 10.5 to previous branch and 10.6 to current, update the clienttasks, remove the tag dependencie and you are ready for global rollout.

 

Thanks again

 
Highlighted

Re: Upgrading ENS from 10.5 to 10.6 best practices

As for the first question,

it just depends if it is a full install package or an update package. I don´t know if there is an update package, but you can clearly see it. Update packages will, in your environment, be deployed when you check them in into current as you policy states that.

For the second question - sure that would be another way to do it. More manual work though.

Best regards
Dan
PhilR
Level 12
Report Inappropriate Content
Message 5 of 7

Re: Upgrading ENS from 10.5 to 10.6 best practices

 

It's a full install.

Tagging is definitely the way to go.

Check in the 10.6 bundle into the evaluation branch.

Create a deployment task for ens 10.6, assign task to wherever in the tree you want, and set tag criterion to run if "deploy ENS 10.6" tag is set.

Change your other AV deployment task assignments not to run if the deploy ens 10.6 tag is set.

Enjoy.

Have deployed ENS 10.6 this way over Virusscan 8.8 and ENS 10.5.4 without any issues here.

Cheers,

 

Phil

Re: Upgrading ENS from 10.5 to 10.6 best practices

Hi PhilR

Thanks for the reply.

I only want to install ENS 10.6 on 10 workstations as a pilot test.

This is what I think I'll do based on my requirements.

 

  1. Check ENS 10.6 into Evaluation Branch in Software Manager
  2. Create a Product Deployment for ENS10.6 in Client Task Catalog
  3. Then manually deploy ENS10.6 to 10 pilot worksations.

 

The only thin I'm not 100% sure is when it's time to deploy to the rest of my production workstations.

Do I simply change the ENS 10.6 from Eval to Current in Master Repository? Is this enough?

Or do I need to create another Product Deployment?

 

 

 

Re: Upgrading ENS from 10.5 to 10.6 best practices

You need to modify the the task as the product is no longer in eval-branch then and will show just an empty line. Just fix that and you are ready to go.

Best regards
Dan