Would be 100x simpler if you used ePO. If you have a lot of PCs, I would assume you are running ePO. If you are not licensed for it, many suites include ePO.
How could I check that I am running ePO?
If all your devices are updating directly from the internet, that is a good indicator...
If you start up the agent in c:\program files\mcafee\common framework\cmdagent -s, it will tell you if those devices are connected to ePO. Look at the log or right-click on the agent icon that will show in the icon tray.
Value of running ePO: centralised reporting and configuration, centralized product deployment, single source of update.
You can easily lock down the config locally with ePO and control everything centrally. In small setups, it can be a self-contained server. With the new agent 5.0, there is now also peer-to-peer file replication.
When you buy a McAfee product, you get a grant number (12345667-abc) and that allows you to download the software from the McAfee website.
Thanks for the detailed information, but I'd consider my case slightly different from what you described above. My company definitely has a grant number etc., but my team has a set of PCs that are located in a vLAN and don't have access to the Internet. It's solely our task to implement McAfee scan inside the vLAN. Initially I had to remove 'managed' mode from each agent because I wanted to have control of it. Then every night a server which is located behind the vLAN and connected to the Internet grabs the latest version of the data.exe file and puts it on a shared location. Then each PC grabs that file and executes it locally, and after that it starts scanning. At the very end, when the scan has completed on all machines, the logs get copied to one place and then I run my parser script. I do this procedure daily.
Sure, it's not as elegant as using centralized ePO, BUT it works for my team.
You could also consider a second ePO. Again much easier....