4 Replies Latest reply on Jun 24, 2011 10:37 AM by ottawa_tech_31

    VSE 8.8 and Agent Deployments

    kink80

      I have read KB72202 and I am a little confused as to what situations it applies. I have McAfee Agent 4.5P2 (4.5.0.1810), VSE 8.8 (no Hotfixes), HIPS 7.0.0.953 + 7.0.0.1159 and ePO 4.5.4 HF1. When I tried to move a machine from my test ePO server to my production ePO server, which I have done numerous times, by deploying the McAfee Agent to the machine from the production ePO server, I got the errors mentioned in the KB article: CustAct [19:2:57:48] Acl [E]   error 5: Access is denied. The machine was running McAfee Agent 4.5P1 on the test ePO server and I deployed McAfee Agent 4.5P2 to this machine from the production ePO server. The machine is running VSE 8.8.0.777 with no hotfixes. I got the 4.5P2 agent on this machine but only after disabling On-Access Protection. I am a little concerned that this indicates that I will have issues upgrading the McAfee Agent on machines that have VSE 8.8 installed. Has anyone else run into this?

       

      Message was edited by: kink80 on 6/23/11 2:38:33 PM GMT-06:00
        • 1. Re: VSE 8.8 and Agent Deployments
          ottawa_tech_31

          I'm in this boat, with 10,000 nodes stuck...

           

          We deployed the hotfix.

           

          Now we want to deploy MA 4.5 P3 (not because we NEED it, but because it addresses the event 514/516 issue)

           

          But we cannot...in fact, we can't upgrade ANY agents once the patch is installed (so machines that have VSE 8.8 w HF, but are behind in the MA version, can't even get the current one)

           

          I opened a ticket w support...was told VSE 8.8 patch 1 would fix it, due 2nd week July....BUT....would require us to DISABLE ACCESS PROTECTION to deploy it....

           

          Now through my AWESOME Sales Engineer, I got some tips on how to get the agent deployed (disable the part of AP that protects the AGENT, but leave AP enabled for the part that protects VSE, so reduced risk/exposure) ....

           

          However, if we need to disable AP to get the VSE patch installed, then McAfee REALLY REALLY REALLY screwed up....

           

          With 10,000 nodes, we are a decent sized shop, but also know there are bigger shops stuck in this boat....not a fun place to be...

           

          As I told my SE, this is complex software, and I can forgive a bug...but what REALLY bothers me is the lack of a "yes we are working on a proper fix and we expect it in X days"...their recommendations are, quite frankly, poor....

          • 2. Re: VSE 8.8 and Agent Deployments
            kink80

            I am in the middle of upgrading my machines from VSE 8.7i P3 to VSE 8.8. I have not deployed HF 660014 to any of my production machines.

            So with just having the RTM version of VSE 8.8 should I be able to upgrade agents on my machines? Because in the case I mentioned it had VSE 8.8 RTM and I tried to upgrade the agent from 4.5P1 to 4.5P2 and it would not let me until I disabled Access Protection.

            • 3. Re: VSE 8.8 and Agent Deployments
              wwarren

              Access Protection will not need to be disabled to deploy Patch 1 for VSE 8.8. It's only the Agent that is hindered by this change introduced by the hotfix 660014. And the workaround of disabling a single AP rule that protects the Agent's file/folders is a cleaner workaround than disabling AP altogether.

               

              Also, Patch 1 for 8.8 is not expected now until September. Mid-July was an old target date and the schedule has had to be reevaluated since then.

              We do not post release dates of maintenance releases while still in development because those dates are always changing; nevertheless, if you've been told mid-July by someone, it's only fair I reset that expectation to something more accurate.

              • 4. Re: VSE 8.8 and Agent Deployments
                ottawa_tech_31

                wwarren, I sent you a PM with more info to follow you.

                 

                Thanks