cancel
Showing results for 
Search instead for 
Did you mean: 

ePO Upgade to 5.3

Morning all,

I've been reading through the release notes for ePO 5.3 and am beginning to get a plan together for upgrade.

However, after the debacle that was the v5 of McAfee Agent and the knock-on effect it had on encryption of dozens of endpoints, I'm now much, much more wary of throwing in with an early upgrade.

Has anyone else performed the upgrade yet and if so, were there any issues to report?

Cheers,

Chris

5 Replies

Re: ePO Upgade to 5.3

Hi Chris, I have upgraded two test EPO servers to 5.3 from 5.1 with all patches and hotfixes..

1) Test EPO 1, Windows 7 (unsupported), no active systems,basic products.

    I upgraded it from EPO 5.1 with all patches, the process took longer than I expected, about 30 minutes.

2) Test EPO 2, Windows 2012 on VMware workstations, 2 active systems, numerous products checked in, not many events.

   I ran into a problem when I first tried to upgrade, I found I had older software exemptions that were good enough for EPO 5.1 but not for 5.3.

   Results below:

______________________________________________________________________

McAfee ePolicy Orchestrator Product Compatibility Check

************

These products are incompatible with this ePO version; they must be removed or upgraded before ePO setup can continue:

McAfee Quarantine Manager 7.0.1 7.0.1.1320 (MQM_____7000) - no known compatible version

McAfee Quarantine Manager 7.0.1 Reports 7.0.1.1370 (MQM7Reports) - no known compatible version

McAfee Security for Microsoft Exchange Reports 8.0 8.0.7905.119 (MSME80REPORTS) - requires McAfee Security for Microsoft Exchange Reports 8.0 8.5.8238.100

Security for Mac (Anti-Malware) 9.1.0.3031 (VSCANMAC9100) - no known compatible version

************

ePO may be upgraded with the below products installed, but their management extension will be disabled and should be upgraded when ePO starts after setup:

No incompatible products were found

_____________________________________________________

I removed the old extensions and was able to upgrade to EPO 5.3

I upgraded it from EPO 5.1 with all patches, the process also took longer than I expected, about 1 hour and 20 minutes.

Early Observations/recomendations

1) I would definitely recommend running the Compatibility check first. (in the install directory).

2) It would be good to get some feedback from others who have small EPO (a few hundred systems and less than 50,000 events) to see how long it takes.

    My tests systems had relatively low resources, but it looks like if you have 30,000 plus endpoints and 6 months of events it will take hours or days ???

3) Some screen shots of the new features are found in .

So I agree, proceed carefully.

Thanks

Re: ePO Upgade to 5.3

Thanks for the feedback!


We'll be doing an upgrade on W2k8 from ePO 5.1.1, so hopefully the process will go smoothly.  The extensions you highlighted are not in use in our environment, so happily there are no troubles there. 

The time taken for the process to complete is a slight concern, but we're only relatively small (~60 servers and <200 endpoints), so again it shouldn't cause too much disruption if everything goes to plan.  

Re: ePO Upgade to 5.3

Another observation, when running the EPO console from a remote browser, the sign on screen still indicated EPO 5.1, and the old colors, You have to clear browser content then it shows EPO 5.3 login.

This was using Firefox.

New EPO 5.3 sign on screen:

Thanks

Reliable Contributor twenden
Reliable Contributor
Report Inappropriate Content
Message 5 of 6

Re: ePO Upgade to 5.3

In my test with upgrading from ePO 5.11 to 5.3, I have seen the following two issues below.

1. Some of my purge tasks, that we had running as server tasks, no longer run. It appears that this upgrade removed the associating queries . I have seen someone else report this issue. These purge tasks are ones that I created to purge threat events like 1095 event.

2. I question the openssl versions. Our ePO 5.11 had openssl version 1.01m, after upgrading to 5.30 the version went to 1.0.1k which is an older version. Can't find a hotfix that mentions it supports 5.3

Will be testing ePO 5.12 next week to see if it has these type of issues.

Re: ePO Upgade to 5.3

I just made the up from ePO 4.6.8 to 5.3. Since I was on Server 2003, I decided to build a completely new server & database, and do a swap. We have 8,000ish client machines with VirusScan, HIPS, Hard Drive Encryption 7.0, EEFF 4.0, Nitro SIEM, Content Security Suite, and probably a few others I  can't think of.  The plan was to build the 5.3 environment with a temp name and IP Address, create place holders for special machines, import the policies and tasks. Then take down the 4.6 production server and move the 5.3 in to production.  The client machines won't know the difference and will be able to communicate on their own.

At least that was the plan..... Actually it worked, almost. There was one gotcha. When the 5.3 server was renamed, ePO 5.3 was smart enough to realize the name changed and modified the Site List and most of the configurations. I was happy. However, the clients were not reporting in.  After several hours on the phone with support, we figured out that a certificate needed to be regenerated located in Apache2\conf\SSL.Crt.

See Step #13 McAfee KnowledgeBase kb66616 -

My Nitro SIEM is also no longer getting events from ePO, although everything is connecting just fine. Probably going to be calling support again.

I was worried about Hard drive encryption -- but no issues.  I'm keeping the old production environment for at least 6 months just in case I need encryption keys or something.

Good Luck!

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community