I have a test environment where I'm testing out HIPS HF's and patches and even though I've checked them into the evaluation branch and my global product update task for the machine is set as below:
On a brand new machine, I'm just running a straight up clean product deployment task with just VSE 8.8P2 & HIPS 8 P1 Full install and when I set it to deploy right away, when I go to the target machine, it installs both but after installation, shortly, it installs the HF's and patches for HIPS. I do not want it to update the HF's and patches since I'm trying to put those in a separate product update task but for some reason, it keeps updating right away.
I've verified that where the machine is sitting on in the ePO tree, there is no other client task that could be updating the HIPS.
Log on to the ePO console.
Click the Settings tab.
Click No in the Enable global updating section.
Click Apply Settings to save the changes and close Server Settings.
Disable Selective Updating for VSE
Ensure the client systems do not have any local update tasks enabled with the default settings
But I checked my ePO, it has global updating disabled already. As of the disabling of default update task, I disabled that and will see if it deploys the patches. Since I disabled that option, would that mean if the clients do not contact the ePO (ie traveling, etc) then they can't update their DATs from McAfee's servers?
You cannot do this with the current version as i posted this here: https://community.mcafee.com/message/264524#264524
alexn ....... comment on global updating does not disable patches or service packs due ot the way EPO is designed. The only way to control this is to use branches, disable updating altogether or use the manual update task on each machine.
Appreciated your comment.I would love to explain how global updating triggers patches or service packs update.The Global Updating functionality is accessible from the Settings tab when the ePO server is selected in the console tree. Global Updating displays the same list of products as Selective Updating but functions in a different way. The list of products in Global Updating is NOT a selective update list. It determines which item begins a Global Update task, not which products are updated. When a Global Update has been initiated, this triggers a One-Click update.
A One-Click update (from the ePO or VSE system tray icon) does not use the configurations of update tasks. It checks for all available updates in the Repository and applies any patch or Service Pack found for each listed product.
further i am investigating more about your issue and will love to assist you more,
What are you trying to do with EPO, i raised with with McAfee and must have spoke to a countless number of people about it as this current version of deployment and lack of control is not really suitable for a large environment and the thought of a new patch being checked into current applying to thousands of servers running business critical apps is scary.
This is fixed in epo 5 which allows much better control but a lot of management.
Thanks for pointing me to your thread a13xchan, this is precisely what I'm looking for. I am surprised how other larger customers are dealing with patch upgrades such as this. This has got to be the biggest failure to control. I agree, the reason why I'm bringing this up is because HIPS patch2 caused BSOD's in our small test environment and McAfee verfiied it was caused by a conflict with the new Patch2 and our VPN software.
Fortunately, they released a pre-HF to prevent the BSOD prior to installing Patch2, hence why I wanted to make sure the exact sequence occured and so that Patch2 would not be installed prior to the HF being implemented first. This will be a colossal failure if Patch 2 gets deployed first upon simply checking it into the repository....Message was edited by: vsecgod on 2/28/13 11:17:13 AM CST