3 Replies Latest reply on Jun 30, 2015 8:33 AM by powershell_guru

    VSE Patching Best Practices


      Hello all,


      I have a few questions regarding Update tasks and I'm hoping this can be easily explained.


      First, a little background.  Like most people, my environment is currently using VSE 8.8 Patch 4.  A few weeks ago patch 5 was released and I was able to successfully pull it into the Eval branch and do some preliminary testing.


      As far as updating the environment, I would like to learn more about how ePO is actually deploying software.  With any other tool like SCCM, Altiris, JAMF, we would attempt to install the software based on a schedule etc...


      For example, if I'm deploying FlashPlayer v. 17 to a group of machines running FlashPlayer v. 16, SCCM or Altiris would attempt to install the update as often as I specify but once the update was installed, the job would no longer run.  My concern is that I turn this patch update task toward a few thousand machines and it will run everyday until the cows come home.  What would really be helpful would be a breakdown of the scheduling options for tasks and how each one is going to affect the machine on the receiving end.


      Thanks everyone,



        • 1. Re: VSE Patching Best Practices

          Hello Paul,


          don't assign this patch to thousands of machines. P5 has quite some changes within core drivers and needs be extensive tested (see Patching VSE - risk level and Patching VSE - testing, testing, is this thing on?).


          You can install the P5 update just like SCCM or any other distribution software via Client Task. There you could specify a exact time (once or recurring) for installation/update. But keep in mind, that the agent needs an ASCI first to recognize the new update task. So depending on your ASCI interval, you have to create the task quite some time before deployment.




          • 2. Re: VSE Patching Best Practices
            Richard Carpenter

            Hi Paul.


            Each deployment or Update script will only 'install' if the product or update is not already installed, although if it is a Product Deployment (ie you are deploying the Repost rather than the patch) the task will run each time.


            During the update process the McAfee Agent will determine if the product or patch is already installed using a detection script. You should see this in the Agent Log and you should see something like:


            Verifying VSE880Det.McS.


            Each product has one of these Detection Scripts and normally they have the following naming convention <PRODUCTCODE>det.mcs


            In reference to your question, the the client task identifies the product is already installed to the versions you are trying to deploy it will not 'install' the product each time it runs, it will skip over to the next part of its update run.




            McAfee Volunteer Moderator

            Certified McAfee Product Specialist - ePO

            • 3. Re: VSE Patching Best Practices

              Thanks guys, this is exactly what I was looking for.  I'm so used to being concerned with too many distribution policies doing to many things, I didn't want the same to happen to ePO.  I will open a new thread but I also need to upgrade from HIPS 7 to HIPS 8 in order to update ePO itself.


              Thanks again,