First of all ePO 3.6 is not yet supported by McAfee.
There's a big difference between ePO 3.6 and 4.0-4.5, it now uses web interface instead of MMC and a lot of enhancements
As stated, ePO 3.6.1 is out of support.
The latest version is ePO 4.5
There are many, many improvements, you will find them listed in the readme.html for the release.
For ePO 4.0
The ePolicy Orchestrator software has moved from the Microsoft Management Console (MMC) to a web-based architecture.
The ePolicy Orchestrator software now includes a native query and report system. Included with this release are default queries and the Query Builder wizard, which allows you to easily create and edit queries. Unlike reports in previous versions, results are actionable. For example, you can run a query on systems whose agents haven't communicated with the server in a certain amount of time, then send an agent wake up call to those systems. Additionally, queries can be run on a schedule.
Multi-server rollup reporting
If you are running multiple ePO servers, you can now run a query against summary data from each. By registering the other ePO servers with the local one and running a data roll-up server task, summary data is retrieved and ready for queries based on any of the rolled-up data result types of the querying system.
Easily create dashboards that contain multiple monitors. Create monitors for any chart-based query, or select one of the default monitors included with this release.
Active Directory synchronization
Create, populate, and update the System Tree structure with your Active Directory structure and system placement.
Tags are like labels you assign (one or more) to one or more systems manually or based on criteria at agent-server communication. With tags, you can automatically place systems in the System Tree based on any combination of system properties by using criteria-based tags and parallel sorting criteria. Additionally, you can create and run queries on systems based on the tags applied to them.
With this release, you can assign very granular sets of permissions — for products and features — to any user.
Chainable server tasks
With this release, you can chain server task actions and subactions within a single task. For example, you can schedule a single server task that runs a pull task, followed by a replication task, and then runs a query against the update status of the distributed repositories and send the results to you via email.
Support for SQL 2005 Native Mode has been added.
Support for VMware Virtual Infrastructure 3 (ESX Server 3.0.x) and Microsoft Virtual Server 2005 R2 has been added.
The complete user interface is now available in the Simplified Chinese, Traditional Chinese, and Korean languages.
Clustering is supported in this release. For instructions on installing a cluster as part of a first-time installation, see the installation guide. For instructions on installing a cluster as part of an upgrade, see article KB 613778
For ePO 4.5
The ePolicy Orchestrator 4.5 software supports enhanced scalability through the use of remote Agent Handlers. Agent Handlers can be installed on the servers where agents connect to retrieve policies, client actions, and updates. Agents can also use Agent Handlers to send properties and events to your primary ePO server.
Support of multiple Agent Handlers enables one ePO server to manage a larger set of installed products on a larger set of managed systems. Agent Handlers can be deployed to strategic points in your network environment, enabling management of systems that cannot access the main ePO server directly. They can also be used in locations where the ePO server can be accessed directly.
Custom data channel
The custom data channel is a bi-directional channel for sending product-specific data between ePolicy Orchestrator and the products on your managed systems. This feature allows McAfee to provide UI actions, which are used when troubleshooting with real-time feedback. These actions are designed to operate on a single system, while providing real-time status to your ePO administrators. The Update Now command, which allows you to update a managed system on demand, is an example of this feature.
Improved security for agent-server communication
Agent communication with the ePO server now uses TLS (Transport Layer Security) protocol for improved security.
Move agents between servers
You can now move agents from one ePO server to another with the Transfer Systems feature.
The navigation for the ePO console has been redesigned for the 4.5 release. Now you can access any of the first-level ePolicy Orchestrator tabs from the new ePO Menu. You can also add the pages you use most frequently to the favorites bar: simply drag any entry in the Menu and drop it onto the favorites bar to the right of the Menu.
You can use drag-and-drop functionality to move certain objects in the interface. You can:
Add Menu items to the favorites bar.
In tables, add commonly used actions from the Actions menu to the Action bar.
Using the Systems table, move selected systems or groups of systems to a different group in the System Tree.
In the System Tree, move groups and subgroups into other groups.
Policy Assignment Rules
ePolicy Orchestrator 4.5 allows you to assign policies to unique groups or to individual users through the use of Policy Assignment Rules. This feature enables policy assignment based on the Active Directory groups that users belong to, instead of the system they are using. You can include individual users, groups, and Organizational Units (OUs) in a rule. You can also exclude specific users from a rule. McAfee SiteAdvisor Enterprise 3.0 is the first managed product to leverage this feature.
The new Automatic Responses feature replaces the Notifications feature. This new feature allows you to create rules for responding to events that are specific to your business environment. Available actions include:
Sending email notifications.
Sending SNMP traps.
Creating issues for use with integrated third-party ticketing systems.
Running a registered executable or server task.
ePolicy Orchestrator 4.5 is fully compatible with IPv6 in both native and mixed environments, including:
Mixed IPv4 and IPv6
ePolicy Orchestrator 4.5 supports LDAP (Lightweight Directory Access Protocol) through the use of Active Directory servers. This version of ePolicy Orchestrator allows closer integration with Active Directory servers so that you can:
Assign permission sets to users based on their Active Directory group.
Browse your Active Directory server for users or groups when creating Policy Assignment Rules.
Automatically assign administrator rights to users when they log on with their Active Directory domain credentials.
Issues and ticketing
ePolicy Orchestrator 4.5 provides basic issues management and bi-directional integration with these third-party ticketing systems:
Multi-server rollup reporting improvements
The multi-server rollup reporting feature has been enhanced. You can now filter out unwanted items before performing a data rollup. New rollup reporting targets have been added, including policy assignments, and specific policy use across your network.
Queries system improvements
The Queries system has been enhanced in several ways. A redesigned Queries page now groups queries by result types, and includes more default queries. Query targets are now grouped in the Query Builder. A stacked bar chart has been added to the available chart types, and the variables and parameters for configuring charts have been improved.
Rogue System Detection improvements
Rogue System Detection has been improved to fully leverage the power of ePolicy Orchestrator 4.x platform. Now you can categorize exceptions, update your OUI list, and optionally employ OS finger printing.