I’m updating applications on my ePO 4.6.3 server before I update to ePO 5.0. I have updated our MA to 4.8 and that is going fine. I want to update my VSE 8.8.0 (975) as well but I’m confused as to which update to apply and I’m hoping someone can point me in the right direction.
We are using Windows Server 2012 in our domain now. To update my VSE should I use the Patch 3 or the Repost 3?
I already deployed VSE patch 2 back in February 2013.
My domain consist of all Window servers (2003, 2008, R2, 2012) and workstations (XP and Win7).
I'm thinking Repost 3 but I'm not sure.
Ok, lets get a few things out of the way.
VSE v8.8 P3 is for Windows 8 and Windows Server 2012 exclusively. If not installing these on Windows 8 or 2012, install or patch to P2, not P3.
Patches are intended to be applied to already installed systems, to simply update to that patch.
Reposts are intended to be used to systems Without the software (ex. VSE) already installed. This is intended to install fresh on to a system bringing the system up to the repost patch level, in one step.
So, for Windows XP, 7, Server 2008, and Server 2008R2, leave these as VSE 8.8 P2.
For Server 2012 (and Windows 8), with VSE already installed, use the Patch 3.
For new installs of VSE on Server 2012 and Windows 8, use the Repost P3.
Applying this to ePO is more complicated and determined by your network. You will need to give more info on your ePO environment and establish groups that establish when Patching (under whichever patch is appropriate) or when a fresh install is used (again, Repost 2 or Repost 3, as stated above). These are probably best asked in the ePO forum, though.
I hope this is helpful.
Using v. 8.8 unmanaged.(not using EPO): Does the task 'Immediately' mean that as soon as defs are updated, whether once or more per day, VSE will be alerted and fetch the new file?
I assume you mean:
VirusScan console > Autoupdate > Properties > 'Schedule...' >
Task tab: Schedule settings: 'Enable' >
Schedule tab: Run task: 'Immediately'
Immediately refers to running the task as soon as the McAfee agent starts. This would be right after booting.
Your description seems to imply a 'Push' arrangement from McAfee. This is not the case, rather a 'Client Pull' is in operation.
I do not recommend 'Immediately' as it would not re-download the daily updates that McAfee releases at around 3:00 pm (UTC), unless the PC restarts.
I generally configure unmanaged PCs to download 'Daily' sometime after 3:00 pm (UTC) (McAfee's planned release time) plus some randomization of 15 - 30 minutes (or more, to your liking), so as to not drastically overload Internet access for the download of these updates.
I also set the update to 'Run if missed' with a 5 minute or more delay, to catch updates for PCs or Laptops that have not been on for some time.
'Schedule Task Daily' to 'Every' 1 days.
Advanced > 'Repeat Task' > 'Every' 8 hours,
to catch early releases for Zero-day outbreak updates. This should check for updates 3 times a day. Usually this is more than adequate to cover most every situation. Your mileage may vary.
Adjust download at 3:00 pm (UTC) to accomodate your Time Zone and work habits, so that the majority of PCs receive updates as soon as possible and while the PCs are ON. (By 'ON' I mean, watch out for Sleep and Hibernation settings (Lid Close, or basically any Power Saving setting) causing the PC to miss scheduled updates.)
Hope this helps.
I too am wondering how to go about this, it all appears very messy. We have some Windows 2000, 2003 and 2008 servers and a couple of Windows 8 workstations (which will probably increase). At the moment I have a previous branch for agents to go to Windows 2000 servers, so they had to be manually deployed. The rest are automatic and are installed as new machines are connected to the domain.
Our network is predominantly XP and Windows 7 but with some Windows 8 workstations.
So is the advised way to check these as follows:
VSE 8.8 Patch 2 - Current branch
VSE 8.8 Patch 3 - Previous branch and manually add VSE via deployment task..
Is there anyway to achieve this automatically where a Windows 8 machine joins the network, get the agent (this bit already works), THEN get VSE 8.8 Patch 3. Again I've hunted high and low for any documentations without look and it isn't clear, logically, how this should be carried out.
Any help would be greatly appreciated.
I have not tried this, as I have been lucky enough to avoid Win8 in my customer's environments.
It seems that you should be able to create a branch for Windows 8/Windows Server 2012 and move the endpoints there. In that branch install VSE 8.8 P3 and P3 (just the patch).
Sometime in September or October, McAfee is 'suppose' to release VSE 8.8 P4 which is suppose to merge the releases so that the P3 branch will no longer be needed. Test though.
Found out that Patch 3 will automatically install the correct version dependant on the OS, although this didn't happen with me, it decided to install Patch 2 on the Windows 8 machine, had to uninstall then put Patch 3 on. Luckily this is a one of machine we are testing anyway, I would wait for at least 2 more patches before even considering rolling it out in live environment, I've been bit too many times.