7 Replies Latest reply on Jun 16, 2017 4:32 AM by aerialjibe

    How to install Endpoint Security for Linux Threat Prevention 10.2.1

    aerialjibe

      Hi,

       

      I want to install Endpoint Security for Linux Threat Prevention 10.2.1.

      When I check the release notes, I find the following installation instructions: McAfee Corporate KB - How to install Endpoint Security for Linux Threat Prevention 10.2.1 KB88983

       

      For ePO this says:

      Check in the package to ePO: 

      • Check in the package using Software Manager: 
        1. Log on to the ePO console as an administrator.
        2. Select Menu, Software, Software Manager.
        3. From the Product Categories list under Software (By Label), select McAfee Endpoint Security For Linux 10.2, and from the Component section, select the package McAfee Endpoint Security for Linux 10.2.1 (Patch 1).
        4. Click Check in.
        5. On the Summary page, accept the McAfee End User License Agreement, and then click OK.

       

      When I check the Software manager:

      - I don't see an installer package McAfee Endpoint Security for Linux 10.2.1 (Patch 1)? I cannot find it on the download site either. Maybe 10.2.1 is only available as a Patch and not as an installer with patch included? Then why does the documentation say otherwise?

      - When I look at the updater package Patch 1, the version number is wrong? 10.2.0.1? Or is this some older patch1 version? The Standalone version is called 10.2.1?

       

      Does someone have info on this?

       

      PS: I read somewhere that McAfee, since split off from Intel Security and using the McAfee name again, would spend more effort on the quality of SW and documentation....? 

       

      With Kind regards,

      Jacques

       

        • 1. Re: How to install Endpoint Security for Linux Threat Prevention 10.2.1
          Richard Carpenter

          Hi jacques.denissen 


          I'll take a look at my lab build and open up the pack to identify the version number in the patch release. 


          I'll be in touch soon. 


          Regards

          Rich

          McAfee Volunteer Moderator - Business Products

          • 2. Re: How to install Endpoint Security for Linux Threat Prevention 10.2.1
            aerialjibe

            Hi Richard,

             

            Any news on this item?

             

            Thanks,

            Jacques

            • 3. Re: How to install Endpoint Security for Linux Threat Prevention 10.2.1
              johnmoe

              I've had a look on my system, and yeah, McAfee version numbers, especially where patch levels are concerned, are... frustrating, to be polite.  "10.2.0.1" means "10.2.0 patch 1", but if the number were much larger (say > 100), then that fourth number is a build number, not a patch number; hence 10.2.0.642 is actually a "lesser" version than 10.2.0.1.

               

              Here's Software Manager on my system, showing much the same as yours:

              And here's how a deployed system looks in the system tree:

              And here's the command line on the same system:

              • 4. Re: How to install Endpoint Security for Linux Threat Prevention 10.2.1
                aerialjibe

                Hi John Moe,

                 

                I see that you installed the patch 1 update.

                I have no history on supporting Linux systems but for Windows McAfee would provide a new installer package with Patch 1 included and beside that an update package to update current systems to 10.2.1.

                 

                If I check-in the McAfee Endpoint Security for Linux 10.2.0 Patch1 epo package, I am getting the update ability.

                 

                I want to deploy new Linux systems with 10.2 with P1 included. That's the package I am looking for.

                 

                For now I will install new systems with 10.2.624 and update them to p1 afterwards.

                 

                Thanks for your time!!

                • 5. Re: How to install Endpoint Security for Linux Threat Prevention 10.2.1
                  johnmoe

                  The first screenshot I posted shows that it's a package, not a patch; it'll install a new system, or upgrade an existing one.  No need to install 10.2.0.624 first, just deploy the patch 1 package.

                  • 6. Re: How to install Endpoint Security for Linux Threat Prevention 10.2.1
                    aerialjibe

                    Hi Johnmoe,

                     

                    Do I not understand, or am I doing something wrong then?

                     

                    I have checked in the 10.2.0.0 P1 package.... But when I create a deployment task, this package is NOT available. I can only install it as an Update task.

                    So how would I be able to deploy 10.2.0.0 P1 to a clean system?

                     

                    Regards.

                    • 7. Re: How to install Endpoint Security for Linux Threat Prevention 10.2.1
                      aerialjibe

                      Hi,

                       

                      My Unix colleagues looked into this. We found:

                       

                      After a reboot of a RHEL/CentOS 6 or 7 system, the /opt/isec/ens/threatprevention/bin/isectpd processes are not started.

                      Messages in /opt/isec/ens/threatprevention/var/isectpd.log:

                       

                      Jun12 05:00:25 ovl-was09-v.ocevenlo.oce.net INFO AMQuarantineRestoreManager [1178] Quarantine directory successfully changed to /Quarantine/

                      Jun12 05:00:26 ovl-was09-v.ocevenlo.oce.net INFO AMEngineQuickInit [1178] AVEngine(5900.7806) initialised with DAT 8550.0

                      Jun12 05:00:26 ovl-was09-v.ocevenlo.oce.net ERROR ENSLMain [1178] Exception raised when registering with ESP

                      Jun12 05:00:26 ovl-was09-v.ocevenlo.oce.net ERROR ENSLMain [1178] Connect failed

                      Jun12 05:00:26 ovl-was09-v.ocevenlo.oce.net INFO AMQuarantineRestoreManager [1588] Quarantine directory successfully changed to /Quarantine/

                      Jun12 05:00:26 ovl-was09-v.ocevenlo.oce.net INFO AMEngineQuickInit [1588] AVEngine(5900.7806) initialised with DAT 8550.0

                      Jun12 05:00:26 ovl-was09-v.ocevenlo.oce.net ERROR ENSLMain [1588] Failed to store engine and dat version to config store

                      Jun12 05:00:26 ovl-was09-v.ocevenlo.oce.net ERROR ENSLMain [1588] AMExceptionraised while Threat Prevention FM was running - Failed to store engine and dat version to config store

                       

                      This problem was solved by putting a sleep of 5 seconds at the end of script /opt/isec/ens/threatprevention/bin/kernelModuleControlWrapper.sh

                       

                      ………

                      checkKernelModuleSupportAndUpdatePrefXml

                      checkIsOASSupportedAndUpdatePrefXml

                      sleep 5

                      exit 0

                       

                      Please McAfee... correct this. 

                      Our Unix team is not going to adjust this manually or with some scripting. This should be corrected in the McAfee Software.

                       

                      Regards,

                      Jacques
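
The failure described in the last post leaves a host without its Threat Prevention daemon after a reboot, and the only trace is the ERROR lines from ENSLMain in isectpd.log. The script below is an added example, not part of the original thread or of McAfee's software: it summarises each start attempt (one per PID) in a log with that layout. The field positions are inferred from the lines quoted in the post, and the sample log (host01.example.net, the clean start under PID 2044) is constructed.

```shell
#!/bin/sh
# Added example: summarise isectpd start attempts, one output line per PID.
# Assumed line layout, inferred from the log lines quoted in the thread:
#   <date> <time> <host> <LEVEL> <Component> [<pid>] <message...>

summarise_isectpd_starts() {
    # $1 = path to an isectpd.log; prints "pid=<pid> engine_init=<yes|no> errors=<n>"
    awk '
        # Skip blank lines and wrapped continuation lines (no [pid] in field 6).
        NF < 6 || $6 !~ /^\[[0-9]+\]$/ { next }
        {
            pid = $6
            gsub(/\[|\]/, "", pid)
            if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        }
        $4 == "INFO"  && $5 == "AMEngineQuickInit" { init[pid] = 1 }
        $4 == "ERROR" && $5 == "ENSLMain"          { errs[pid]++ }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                printf "pid=%s engine_init=%s errors=%d\n", p, (init[p] ? "yes" : "no"), errs[p]
            }
        }
    ' "$1"
}

count_failed_starts() {
    # Number of PIDs that logged at least one ENSLMain ERROR.
    summarise_isectpd_starts "$1" | awk '$3 != "errors=0" { n++ } END { print n + 0 }'
}

write_sample_log() {
    # Constructed sample modelled on the quoted messages; host and PID 2044 are made up.
    cat > "$1" <<'EOF'
Jun12 05:00:26 host01.example.net INFO AMEngineQuickInit [1178] AVEngine(5900.7806) initialised with DAT 8550.0
Jun12 05:00:26 host01.example.net ERROR ENSLMain [1178] Exception raised when registering with ESP
Jun12 05:00:26 host01.example.net ERROR ENSLMain [1178] Connect failed

Jun12 05:00:26 host01.example.net INFO AMEngineQuickInit [1588] AVEngine(5900.7806) initialised with DAT 8550.0
Jun12 05:00:26 host01.example.net ERROR ENSLMain [1588] Failed to store engine and dat version to config store
Jun12 05:00:26 host01.example.net ERROR ENSLMain [1588] AMExceptionraised while Threat Prevention FM was running - Failed to store engine and dat
version to config store
Jun12 05:09:41 host01.example.net INFO AMEngineQuickInit [2044] AVEngine(5900.7806) initialised with DAT 8550.0
EOF
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
write_sample_log "$sample"
summarise_isectpd_starts "$sample"
echo "failed start attempts: $(count_failed_starts "$sample")"
```

On a real host, pass the path from the post (/opt/isec/ens/threatprevention/var/isectpd.log) instead of the sample file; a non-zero count after boot is the cue to confirm whether isectpd is actually running.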