7 Replies Latest reply on Jan 8, 2010 5:52 PM by rphillips

    Few doubts about the ePolicy Orchestrator

      Hi, I have a few doubts about the ePolicy Orchestrator:


      is it mandatory to install it on a Domain computer?


      All what I need is to allow clients computers having MacAfee Enterprise V 8.5.0i Antivirus to

      update their DAT file definition from one (central) location (server) which is already have windows 2003 Server SP2.

        • 1. Re: Few doubts about the ePolicy Orchestrator

          ePO does not have to be installed on a domain computer (although it can make things easier).


          If your ONLY goal is to have a local repository for DAT updates then you don't have to use ePO you can simply define a VSE Mirror task and use VSE to create/update a local repository. ePO offers many many more features than a simple repository (such as policy management, centralized reporting, email notifications, etc).

          1 of 1 people found this helpful
          • 2. Re: Few doubts about the ePolicy Orchestrator


            Thanks a lot for your replay, actually am not familiar with MacAfee products coz we were using SYMANTEC Corporate Edition for a years. Recently we decided to move to MacAfee, that’s why I may ask some basic questions.

            My main agenda now is to Install VSE 8.5.0i & update all clients computers in our Head office later on I can go through the features of EPOS.

            I have done this till now :
            - EPO Server & VSE 8.5.0i are installed successfully in one machine.
            - VSE 8.5.0i is installed on most of the Computers at our office.

            Now by Deploying common management agent or installing it on those clients I will be able to connect them to the EPOS?

            I want clients computers to update their DAT through EPOS only which I already configured by setting the (Update Master Repository).

            idont want these clients to update from Internet, is there any more settings need to be done to achieve this ?

            • 3. Re: Few doubts about the ePolicy Orchestrator
              Attila Polinger

              Hi Yasin,


              Once ePO server is installed and some of the client computers have VirusScan 8.5 installed on, then the next step would be these (just roughly)


              1. Define the McAfee Agent policy and define the update repositories and their order, etc. on the ePO server.

              2. Decide on the method you will push the agent onto clients. You can choose ePO deployment or you can choose a third party deplyoment tool such as SMS or can even manaully install. When you not use ePO you must locate the agent installer called Framepkg.exe under ePO install dir, and use this file for third party deployment.

              3. If you choose agent deployment through ePO, then populate the ePO dir by whichever means you want (AD or manual import). Then create a deplyoment task an configure it.

              4. The deployment task runs at the interval you defined and installs the agent onto the clients as read from the ePO directory.


              Once the CMA is installed and working, it will find the ePO server and downloads the CMA policy which includes the repositories, their order and whether they are enabled or not.

              Also will download any other policy that can be applied to a McAfee product that is runing on the client. So configure VirusScan policies beforehand.





              1 of 1 people found this helpful
              • 4. Re: Few doubts about the ePolicy Orchestrator



                I agree with Attila Polingerposting, but I wanted to add one thing. There will need to be a client task created for the machines that will tell the machines under management when to update the dats and engines etc.  In the console select the System Tree icon. Now choose a group or container from the left where you would like to create the task. This could be the "My Organization" group or a group named after your Active Directory OU.  On the right hand side click on the horizontal menu bar and select client task.  Now click new task near the bottom. This will start a wizard. You can name the task something meaningful like "dat updates" etc. for the type of task click the drop down and select product update. You will now have the option to configure what type of updates you want ePO to allow the agents to pull. You can click next and schedule when the updates are to run. Once configured how you like click save. The machines that have the agents installed will learn of this new task when they communicate back in. By default 60 minutes.




                1 of 1 people found this helpful
                • 5. Re: Few doubts about the ePolicy Orchestrator

                  Thanks a lot guys I really appreciate,

                  I have one more question regarding the Lost&Found group.

                  I have installed the EPO on tow machines for testing only, always the EPO machine goes to the Lost&Found group
                  but when I add any client computer to this EPOS it goes to organization !!!

                  why EPOS appear in the Lost&Found and not in the organization group.? is it normal?

                  • 6. Re: Few doubts about the ePolicy Orchestrator

                    Lost&Found is where clients go when they don't know where else the should go. If you don't have any sorting criteria setup and you manually install an agent on a client it will appear in the lost&found.

                    • 7. Re: Few doubts about the ePolicy Orchestrator

                      Make sure you have taks setup the way you want them, Either add tags or deploy from the group you want them in to begin with.


                      If you dont have sorting or tag's setup the ePO dosent know where to put them so it will automatically put them in the L&F