3 Replies Latest reply on Jan 28, 2010 12:02 AM by Attila Polinger

    How to get new machines up-to-date?

      We have a set of xp images that we use to roll out new machines.  The images have a version of VSE (normally 8.5 or 8.7) and an agent (normally 4.0 or 4.5).


      The problem we are having is that the machines take a long time to get up to date.  When the machine first boots up and contacts ePO (v4.5) it reports the versions it is using and therefore is out of date.  If we leave the machine on the network for a few hours it updates and reports back as being 'compliant'.  Does anyone know if there is a way of making this a little quicker. ie Once the machine has reported in as out-of-date then it will instantly update and reports back once it's done.


      Currently we have :

           AD import task that runs every 15 minutes

           Agent to Server Communication is 1 hour

           Policy Enforcement Interval is 5 mins


      Is there a way to remove the delay without turning the Agent to Server communication up a bit?

        • 1. Re: How to get new machines up-to-date?
          Attila Polinger

          Our practice is to prepare a VirusScan Enterprise custom install set using Installation Designer, on a fully functional and properly (EPO) managed workstation. During creation of the custom package, we leave the "Update product at the end of installation" checkbox set.


          Because you prepare the custom package on a managed workstation, the package will contain the proper sitelist.xml (although you can edit that during creation). Use this package when creating the XP images or when pushing VSE onto clients.


          In order for us to avoid potential duplicate McAfee Agent GUIDs - we use ePO 4.0 environment still - the image does not actually contain VSE, but once a computer is imaged, one last step is to install VSE using this custom package through scripted install. This ensures that all clients is up to date at the end of imaging process, without duplicate GUIDs.


          Of course if you cannot fully adopt this practice regarding imaging, another option could be to set the default AutoUpdate task in the VSE custom package to something like "When logged in", etc. so that when the image actually burned to a client and the user logs in, the update happens. Your central AV policy nevertheless can disable the default AutoUpdate on client, but when it does so, the update already happened.

          • 2. Re: How to get new machines up-to-date?

            Hi Attila,


            Thanks for that.  It was just what I was looking for.  I haven't really explored the Installation Designer, does this deploy the agent as well as VSE for you?

            • 3. Re: How to get new machines up-to-date?
              Attila Polinger

              Hi Matt,


              Installation Designer allows you to embed in a single custom VSE package (.MSI) the Framepkg.exe, any new DAT/engine set, any VSE Patch and more. Be sure to use the Installation Designer version that matches VSE version, i.e. there is a separate ID 8.7 for VSE 8.7, ID 8.5 for VSE 8.5 etc. You cannot - I think - use ID 8.5 for VSE 8.7 and the other way around.


              Installation Designer should be available among the products that you can access on McAfee dowloand site with your grant number in the product suite that contains VirusScan.

              Only Installation Designer 8.7 allows you to prepare an ePO 4 or ePo 3.6 package. Earlier ID versions did not support this (although in my experience this only means putting a signature in the package so ePO can say "This package is signed").



              1 of 1 people found this helpful