Our practice is to prepare a VirusScan Enterprise custom install set using Installation Designer, on a fully functional and properly (EPO) managed workstation. During creation of the custom package, we leave the "Update product at the end of installation" checkbox set.
Because you prepare the custom package on a managed workstation, the package will contain the proper sitelist.xml (although you can edit that during creation). Use this package when creating the XP images or when pushing VSE onto clients.
In order for us to avoid potential duplicate McAfee Agent GUIDs - we use ePO 4.0 environment still - the image does not actually contain VSE, but once a computer is imaged, one last step is to install VSE using this custom package through scripted install. This ensures that all clients is up to date at the end of imaging process, without duplicate GUIDs.
Of course if you cannot fully adopt this practice regarding imaging, another option could be to set the default AutoUpdate task in the VSE custom package to something like "When logged in", etc. so that when the image actually burned to a client and the user logs in, the update happens. Your central AV policy nevertheless can disable the default AutoUpdate on client, but when it does so, the update already happened.
Thanks for that. It was just what I was looking for. I haven't really explored the Installation Designer, does this deploy the agent as well as VSE for you?
1 of 1 people found this helpful
Installation Designer allows you to embed in a single custom VSE package (.MSI) the Framepkg.exe, any new DAT/engine set, any VSE Patch and more. Be sure to use the Installation Designer version that matches VSE version, i.e. there is a separate ID 8.7 for VSE 8.7, ID 8.5 for VSE 8.5 etc. You cannot - I think - use ID 8.5 for VSE 8.7 and the other way around.
Installation Designer should be available among the products that you can access on McAfee dowloand site with your grant number in the product suite that contains VirusScan.
Only Installation Designer 8.7 allows you to prepare an ePO 4 or ePo 3.6 package. Earlier ID versions did not support this (although in my experience this only means putting a signature in the package so ePO can say "This package is signed").