    McAfee MOVE 3.0 Agentless - vShield (Agent and Stability question)


      I have been running McAfee EPO, VSE 8.8 and Agent 4.8 for a while now.  I am in the process of converting all of my VM guests to MOVE.


      I have installed all of the vShield and MOVE components into my environment, but I do have a few questions.


      1) Do I remove the McAfee Agent 4.8 from all of the MOVE protected systems?

      2) If I do, how do I identify the systems in EPO?


      I have also been experiencing a random issue with the VMs protected by MOVE.  Randomly, I will have a VM become unresponsive.  I can't RDP or connect via VM console.  The only way I have been able to recover from this is to perform a hard shutdown on the guest.  Anyone seen this?

          1. How do I remove the McAfee Agent 4.8? 

               ANS: Use your ePO Server to uninstall the McAfee Agent from the MOVE Agentless protected systems.


          2. How do I ID the MOVE Agentless systems in ePO?

              ANS: Use the Datacenter Connector 3.0 for vSphere (included with your grant on the McAfee Product Download page.)


          3. Random performance related issue, VM is in a hung state.

              ANS: The following updates have corrected 100% of all performance related issues with VMware vShield Endpoint with MOVE Agentless 3.0.  These settings are recommended for all systems that are having slow performance, hangs, lock-ups.


          Step 1
          Ensure the latest VMware Tools VMCI driver Endpoint Thin Client is installed.
          vsepflt.sys driver on client should be at a minimum the version below.  




          Step 2

          Adjust the following settings on the McAfee MOVE Agentless SVA 'svaconfig.xml' file.

          NOTE:  After making these changes, make sure to reboot the SVA.

          NOTE: The Default values for the McAfee SVA for WorkerThreads = 64, MaxEventsVM = 16

          Logon to the McAfee MOVE Agentless SVA  and Run the following commands:

          a. Enter the command: sudo -s   

          [sudo] password for svaadmin: <enter password>

          b. Enter the command: vi /opt/McAfee/move/etc/svaconfig.xml

          c. Using the arrow keys, navigate to: <workerthreads>64</workerthreads>  and change the 64 to 256.
             Should now be: <workerthreads>256</workerthreads>

          NOTE: Use the 'Delete' key to remove the number, rather than the 'Backspace' key.  You may have to hit the 'Insert' key before entering the new values.

          d. Using the arrow keys, navigate to: <maxeventsvm>16</maxeventsvm>  and change the 16 to 64.

            Should now be: <maxeventsvm>64</maxeventsvm>

          e: When the changes are completed, press and hold: <SHIFT> key and enter: ZZ

          f: Review your changes by typing: cat /opt/McAfee/move/etc/svaconfig.xml

          g: When the changes are correct, enter the following command to reboot the MOVE Agentless SVA.

          NOTE: The SVA will reboot upon entering this command!

          Enter the command: init 6 and press <ENTER>
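
A check for steps c through f above, added here as an example; it is not part of the original reply or of McAfee's tooling. It confirms both values before the SVA is rebooted, so a stray vi keystroke is caught while the appliance is still scanning. The function names are hypothetical, the sample file is constructed (only the two element names come from this thread), and `grep -o` is assumed to be available on the SVA.

```shell
#!/bin/sh
# Added example: verify the svaconfig.xml tuning values before 'init 6'.
# Only <workerthreads> and <maxeventsvm> are known from the thread; the rest
# of the file layout is an assumption.

# Print the integer inside <tag>N</tag>. Fails if the tag is missing,
# appears more than once, or holds anything other than digits.
get_setting() {
    tag=$1; file=$2
    matches=$(grep -o "<$tag>[^<]*</$tag>" "$file") || return 1
    [ "$(printf '%s\n' "$matches" | wc -l)" -eq 1 ] || return 1
    value=$(printf '%s\n' "$matches" | sed "s/<$tag>\(.*\)<\/$tag>/\1/")
    case $value in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric, e.g. "256i"
    esac
    printf '%s\n' "$value"
}

# Return 0 only when both settings hold the values recommended above.
check_svaconfig() {
    file=$1; rc=0
    for pair in workerthreads:256 maxeventsvm:64; do
        tag=${pair%%:*}; want=${pair##*:}
        if got=$(get_setting "$tag" "$file"); then
            if [ "$got" != "$want" ]; then
                echo "$tag is $got, expected $want"; rc=1
            fi
        else
            echo "$tag missing, duplicated or malformed"; rc=1
        fi
    done
    return $rc
}

# Constructed sample standing in for /opt/McAfee/move/etc/svaconfig.xml.
make_sample() {
    printf '<config>\n  <workerthreads>%s</workerthreads>\n' "$1"
    printf '  <maxeventsvm>%s</maxeventsvm>\n</config>\n' "$2"
}

# On the SVA: check_svaconfig /opt/McAfee/move/etc/svaconfig.xml && init 6
```
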


            Great!  Thanks for the info dsabulsky...  For clarification, one last question please.   


            Is there a difference in the functionality for "multiple OVF deployment vs Manual"?  What I did initially was to manually install the OVF to each host in my vSphere cluster.  But after re-reading the install instructions, I noticed the caption below.


            Make sense?