Would anyone know if there is documentation for how to install McAfee Enterprise 8.8 on a Windows Embedded Standard 7 thin client with Write Filter considerations?
Hi, whilst everything I've seen on the McAfee site suggests that using VSE on Windows 7 Embedded is not supported, I've managed to get VSE 8.8 installed and controlled on Windows Embedded Standard 7 using the following method. This is my own solution, put together from surfing the 'net and some trial and error.
You'll have to use File Based Write Filters as opposed to Enhanced Write Filter though.
Firstly, you may need to increase the size of your RAMDisk - the units I have come out of the box with a 128 MB RAMDisk - I upped this to 256 MB as if you're pushing both a DAT and Engine update you won't have the room to hold it all, along with the temporary stuff the unit stores on the RAMDisk anyway and your updates will fail.
Deploy the McAfee Agent and VSE 8.8 to your unit. Once this is done, add the following directories in your File-Based Write Filter exclusion list:
C:\Program Files\Common Files\McAfee
C:\ProgramData\McAfee - you may need to show hidden files, folders and drives to see this in the selection list
You will probably need to increase the size of your File-Based Write Filter Cache to 256 MB as well (my units come out of the box with 128 MB and we found that this setting filled up and caused the units to reboot whilst people were in a Remote Desktop sesion. Unfortunately as the RDP Session overlayed the warning about the cache filling up the session was just chopped!)
Finally, when using FBWF, you sometimes have to apply a Registry tweak to the Windows Embedded unit to make the settings stick. If you navigate to HKLM\SYSTEM\CurrentControlSet\Services\RegFilter\Parameters\MonitoredKeys you will probably have two default keys there - _MachineAccount. and _MSLicensing. Your custom Write Filter will probably appear as 2. it seems that in order to get your custom FBWF to work, you have to change the names of the two default keys to 0 and 1 respectively - I found this nugget of info on the following link:
Like I said, this installation method worked for me - AV updates and the update persists across reboots. We haven't had any virus detections reported from our WES7 units yet - but that could be because our perimeter protection and usage policies are in good working order.
This information is posted "as is" and I'll accept no responsibility or liability if these modifications wreck your WES7 unit or you get a Virus outbreak!
Message was edited by: toobusy on 23/09/13 07:36:02 CDT
Message was edited by: toobusy on 24/09/13 08:34:33 CDT