This content has been marked as final. Show 5 replies
It depends really. You have two options with how Mcafee works that i find. One is when you check in the Virusscan package. For example Mcafee Virusscan 8.5 is offered with patch7. If you check in that package and set a deployment to install mcafee 8.5 the agents will get 8.5 and patch 7.
Now at this point patch 8 is offered. If you check that package into your ePO server you have to make sure a task is defined to update patches, service packs, etc.
For us we have a VirusScan deployment that "Run at every policy enforcement " that will deploy mcafee 8.5 with i think patch 5 right now. So for use everyone agent that checks in will get mcafee 8.5 with patch 5.
Now we also have checked in just patch 7 at this point and we have a deployment that runs once a month on the weekend to upgrade the agents patch level. During that task they will get patch 7.
Also, i personal can not stand the options for deployment with Mcafee so i push out the patch upgrades with our software deployment and let that filter out before checking in a package with mcafee. Plus i get better reporting this way because we can have alot of machines of the domain at one time. Also, Mcafee seems to do its own thing one to many times for my liking.
Word of caution--I'm using ePO 3.6.1, and I wanted to do a limited release of Patch 5 to a few test workstations before deploying it to the entire directory. I used the "Daily Update" task on the test container, and made sure that Global Update for patches and service packs was disabled.
However, as soon as I checked the package into the repository, it went out to the entire directory. I still to this day haven't figured out why. Fortunately, it had no negative consequences.
I believe that's what Johonn means when he says "Mcafee seems to do its own thing one to many times for my liking."
Johonn, any tips on using a software deployment package to release VSE patches? Do you have a list of command line switches, and what other commands, if any, do you need to include when creating the install package for the patch?
sure, say i want to install patch 8 for virus scan 8.5. You will need the patchX.msp from mcafee. You can find the patchX.msp file within the zip file you download, VSE85iP8.zip
The script i am using basically goes.....
1. Check to make sure 8.5 is installed
a. C:\Program Files\McAfee\VirusScan Enterprise\RepairCache\vse850.msi
2. Check to make sure latest patch you are installing is not already installed
a. C:\Program Files\McAfee\VirusScan Enterprise\RepairCache\Patch8.msp
3. If 8.5 is installed and patch8.msp is missing then install patch 8
4. Execute MSI in "Appy patch mode"
a. msiexec /p "location of .msp file"
5. force mcafee agent update
a. "C:\Program Files\McAfee\Common Framework\CmdAgent.exe /p /c"
Now depending on the software deployment package you may have the option to execute/install an msi and you can select the "Apply Patch" option vs. Install, Repair, etc. If not then i provided the command line for msi above.
I was looking for the patchX.msp that you were describing and there does not seem to be a .msp present in the VirusScan8.5.zip at all. Is there another location where I can obtain the .msp files? In EPO, I ran a software pull with the options selected for VirusScan Enterprise 8.5.0 and 8.7.0 under the section "Products, patches, and service packs" to make sure I had the latest versions.