If you don't have the blessing of an audit mandate that makes management top to bottom understand that out of support operating systems are Bad News for this and countless other security reasons that , about the best thing you can do is go to app whitelisting. McAfee Application Control http://www.mcafee.com/us/products/application-control.aspx (formerly Solidcore which we have and are working to deploy) and Bit9 (the leader in the space, but if you have win2k systems, you probably have enough headaches without Yet Another Management Interface and Vendor to Scream At) are the big players here.
Good luck. If you're in a security leadership role of any sort, make sure you've made an effective and strenuous case to management about the risk these systems can pose. If you lose that battle for whatever reason (and there are lots of reasons that even some very big well resourced companies will roll the dice to save redeveloping some critical software that hasn't yet broken).... app whitelisting may be the savior here, particularly if these machines run an app load that doesn't change much.
I think you'll find this decoder ring for version numbers and patch numbers for Agent 4.0 very useful.
I usually find them by googling "mcafee patch version" and adding a specific version number and/or "site:mcafee.com" and you can usually find them for whatever product you're looking for.
We had bad experience on Application control. Bit 9 doesn't support windows2000 neither.
Although VSE 8.7 patch 5 and 8.8 don;t support windows 2000 in McAfee article, in our exprience, they can be installed on it.
Is there any issue to do that?
1 of 1 people found this helpful
VSE 8.8 will work just fine. Make sure you use Patch 2 or later.
If you use the RTW package then you risk killing your Windows 2000 system due to an issue with registry bloating and the box won't boot anymore (it was a problem specific to Windows 2000). If you use the Patch 1 package, you have a vulnerability. So, use Patch 2 or later. And then of course, if you're on Patch 2 don't forget about the post Patch 2 hotfix, 778101.
With respect to VSE 8.8 and Windows 2000, our Patch 4 release will be the last patch update that will install onto Windows 2000.