3 Replies Latest reply on May 9, 2011 11:22 AM by dimitar

    How to use ePO to trap yourself with EEFF.

    safebootsamurai

      After a very disturbing corospondance with support, I was informed that although ePO can be used to deploy EEFF it cannot be used to either remove (known issue) or upgrade it. Now I have about 25,000 systems that they want me to  1. Uninstall EEFF Manually so ePO can push the upgrade or 2. Manually install the upgrade on each system. Why McAfee? Why would you even consider giving people the option to deploy with ePO when there is no upgrade path?

      P.S. Thanks for the EPIC FAIL

        • 1. Re: How to use ePO to trap yourself with EEFF.

          Hi,

           

          I could understand why you are upset. 

          So if I understood correctly you are waiting for the new EEFF version 4 that will be fully integrated with ePO.

          Are you going to use it for 25 000 machines without testing first. It will take time for McAfee to adjust it and to find and correct some unknown issues.

           

          On other hand it is interesting to share with which level of McAfee support you have talked about the problem.

          If the new version is fully integrated with ePO maybe it will offer some upgrade functionality.  Even if not you have an option to deploy the new EEFF.msi using deployment tool for example.

           

          I am really interested what will happen as I am going deploy EEFF 3.2.5 using EEM in next two months and than I would like to upgrade to ePO integrated version.

          We have ePO 4 patch 6 already running for Antivirus.

          • 2. Re: How to use ePO to trap yourself with EEFF.
            safebootsamurai

            We will be looking to move to version 4 after some testing but for now we just want everybody on version 3.2.6. I am working with Platinum Support on this issue. I am looking at making a modified ePO package to force the install or possably using another product depoloyment tool. At this point I would just like to upgrade 3.2.5 to 3.2.6 with ePO using a supported McAfee method but looks like thats not going to happen.

            That said.

            If you can postpone your 3.x deployment I would highly recommend it has some real Gotchas that cause some administrative headaches. Starting fresh with version 4.0 would eliminate a host of issues and I belive it is right around the corner.

             

            Problems with 3.x that I have seen include but are not limited to:

            1. No way to force policy update without forcing the user to login at every boot.

            2. All drives except the boot volume are treated as removable i.e. secondary  hard drive or partitions

            3. USB floppy drives are read only if using "write protect existing"

            4. Moving a user with the AD Connector from one control group to the other control group does not apply the different policy of the other control group

            5. Managing files in Sharepoint is broken when using "explorer view" or "open in explorer"

            6. Incorrect messages displayed in windows when access is denied from OS (get a mcafee error when it should be windows)

            7.Cannot upgrade from 3.x build to 3.x build with ePO

            8. Cannot uninstall 3.x build with ePO

            9. MfeEERM.exe "randomly" does not get added to initalized flash drive (I can't reproduce, therefore I can't open a support case)

            10.  Detailed logging information does not exist, well it does exist but only support can read it because it's encrypted!

             

            I Have corrected most all of these using a combination of scripting, registry keys, and policy tweaks, but i'm a McAfee Certified Expert on Endpoint Encryption, god help you if your not.

             

            Message was edited by: safebootsamurai on 4/28/11 2:17:24 PM GMT-05:00
            • 3. Re: How to use ePO to trap yourself with EEFF.

              Hi,

               

              Apologize for the late reply. I was very busy these days and not entering the communities.

              Thank you very much for the detailed problem list with the current version! It is very helpful for me!!!

               

              I am not a McAfee expert but I have strong experience with Encryption products including McAfee, but not EEFF. It is a challange for me.

              Unfortunately I cannot wait for ver 4. The plan is to go to 3.2.6 using virtual environment and than to upgrade to 4 when it is available (hopefully before the end of 2011).

               

              These are really not good points:

               

              1. No way to force policy update without forcing the user to login at every boot.

              2. All drives except the boot volume are treated as removable i.e. secondary  hard drive or partitions

              3. USB floppy drives are read only if using "write protect existing"

              4. Moving a user with the AD Connector from one control group to the other control group does not apply the different policy of the other control group

              5. MfeEERM.exe "randomly" does not get added to initalized flash drive (I can't reproduce, therefore I can't open a support case)

               

              For the last one I still did not experienced such problem, but I will continue to test it. maube we could find something.

               

              Thank you again. Keep in touch!