I've been reading through the release notes for ePO 5.3 and am beginning to get a plan together for upgrade.
However, after the debacle that was the v5 of McAfee Agent and the knock-on effect it had on encryption of dozens of endpoints, I'm now much, much more wary of throwing in with an early upgrade.
Has anyone else performed the upgrade yet and if so, were there any issues to report?
Hi Chris, I have upgraded two test EPO servers to 5.3 from 5.1 with all patches and hotfixes.
1) Test EPO 1, Windows 7 (unsupported), no active systems, basic products.
I upgraded it from EPO 5.1 with all patches, the process took longer than I expected, about 30 minutes.
2) Test EPO 2, Windows 2012 on VMware workstations, 2 active systems, numerous products checked in, not many events.
I ran into a problem when I first tried to upgrade: I found I had older software extensions that were good enough for EPO 5.1 but not for 5.3.
McAfee ePolicy Orchestrator Product Compatibility Check
These products are incompatible with this ePO version; they must be removed or upgraded before ePO setup can continue:
McAfee Quarantine Manager 7.0.1 188.8.131.520 (MQM_____7000) - no known compatible version
McAfee Quarantine Manager 7.0.1 Reports 184.108.40.2060 (MQM7Reports) - no known compatible version
McAfee Security for Microsoft Exchange Reports 8.0 8.0.7905.119 (MSME80REPORTS) - requires McAfee Security for Microsoft Exchange Reports 8.0 8.5.8238.100
Security for Mac (Anti-Malware) 220.127.116.1131 (VSCANMAC9100) - no known compatible version
ePO may be upgraded with the below products installed, but their management extension will be disabled and should be upgraded when ePO starts after setup:
No incompatible products were found
I removed the old extensions and was able to upgrade to EPO 5.3
I upgraded it from EPO 5.1 with all patches, the process also took longer than I expected, about 1 hour and 20 minutes.
1) I would definitely recommend running the Compatibility check first (in the install directory).
2) It would be good to get some feedback from others who have small EPO (a few hundred systems and less than 50,000 events) to see how long it takes.
My test systems had relatively low resources, but it looks like if you have 30,000 plus endpoints and 6 months of events it will take hours or days?
So I agree, proceed carefully.
Thanks for the feedback!
We'll be doing an upgrade on W2k8 from ePO 5.1.1, so hopefully the process will go smoothly. The extensions you highlighted are not in use in our environment, so happily there are no troubles there.
The time taken for the process to complete is a slight concern, but we're only relatively small (~60 servers and <200 endpoints), so again it shouldn't cause too much disruption if everything goes to plan.
Another observation: when running the EPO console from a remote browser, the sign on screen still indicated EPO 5.1, and the old colors. You have to clear browser content, then it shows the EPO 5.3 login.
This was using Firefox.
In my test with upgrading from ePO 5.11 to 5.3, I have seen the following two issues below.
1. Some of my purge tasks that we had running as server tasks no longer run. It appears that this upgrade removed the associated queries. I have seen someone else report this issue. These purge tasks are ones that I created to purge threat events like the 1095 event.
2. I question the openssl versions. Our ePO 5.11 had openssl version 1.01m, after upgrading to 5.30 the version went to 1.0.1k, which is an older version. Can't find a hotfix that mentions it supports 5.3.
Will be testing ePO 5.12 next week to see if it has these types of issues.
I just made the up from ePO 4.6.8 to 5.3. Since I was on Server 2003, I decided to build a completely new server & database, and do a swap. We have 8,000ish client machines with VirusScan, HIPS, Hard Drive Encryption 7.0, EEFF 4.0, Nitro SIEM, Content Security Suite, and probably a few others I can't think of. The plan was to build the 5.3 environment with a temp name and IP address, create placeholders for special machines, and import the policies and tasks. Then take down the 4.6 production server and move the 5.3 into production. The client machines won't know the difference and will be able to communicate on their own.
At least that was the plan... Actually it worked, almost. There was one gotcha. When the 5.3 server was renamed, ePO 5.3 was smart enough to realize the name changed and modified the Site List and most of the configurations. I was happy. However, the clients were not reporting in. After several hours on the phone with support, we figured out that a certificate located in Apache2\conf\SSL.Crt needed to be regenerated.
See Step #13 of McAfee KnowledgeBase kb66616.
My Nitro SIEM is also no longer getting events from ePO, although everything is connecting just fine. Probably going to be calling support again.
I was worried about Hard drive encryption -- but no issues. I'm keeping the old production environment for at least 6 months just in case I need encryption keys or something.