In the release notes for the agent, at the end:
VirusScan Enterprise 8.8.0 Patch 5/6 Hotfix 1087536 or VirusScan Enterprise 8.8.0 Patch 7 should be installed on the client machines prior to upgrade of McAfee Agent 5.0.2 Hotfix 1110392.
Nothing like testing it and looking at the generated events...
Picking up this one again.
Also in the release notes for the Agent:
Note: If intending to use Patch 7 as the prerequisite, Patch 7 is restricted to installing on MA 126.96.36.199 and you must follow these steps:
1. Install or upgrade to MA 188.8.131.52
2. Install or upgrade to VSE 8.8.0 Patch 7
3. Upgrade to MA 184.108.40.2063
Do you know if there is a reason doing the update this way?
I am asking because in our environment i was able to update MA 220.127.116.11 to MA 18.104.22.1683 and afterwards to update VSE 8.8.0 Patch 4 to VSE 8.8.0 Patch 7. It seems that Patch 7 is not restricted to install it only on MA 22.214.171.124 as it is also possible to install it on MA 126.96.36.1993.
Haven't crossed that bridge yet, focussing on mcdatrep 1.0.4 dependency for now.
I've found the following in kb51111
The following MA versions are minimally required.
- MA was formerly Common Management Agent.
- Refer to the MA documentation to ensure which version is supported on your operating system.
- To view the version (Build) information for:
Product Minimum MA version VSE 8.8 Patch 7 MA 5.0 (Build 188.8.131.52) 1
MA 5.0 (Build 184.108.40.2063) 2
MA 4.8 (Build 220.127.116.110) and later 4.x versions
VSE 8.8 Patch 6 MA 5.0 (Build 18.104.22.16820)
MA 4.8 (Build 22.214.171.1240)
VSE 8.8 Patch 4, 5 MA 5.0 (Build 126.96.36.19920)
MA 4.8 (Build 188.8.131.520)
VSE 8.8 through Patch 3 MA 4.8 (Build 184.108.40.2060) 1 VSE 8.8 Patch 7 supports MA 5.2 (Build 220.127.116.11), but other McAfee products might experience compatibility issues. See KB79397. 2 Patch 7 supports McAfee Agent version 18.104.22.1683; however this version of McAfee Agent has installation requirements. See the Release Notes for McAfee Agent 5.0.2 Hotfix 1110392 for information (PD26386).
Recommended Installation Sequence
The fix involved re-architecting the self-protection mechanisms in VSE, which functionally impacts multiple products. This architecture change creates an installation dependency between MA 22.214.171.1243 and VSE 126.96.36.1998. Please follow the recommended installation sequence to update to MA 188.8.131.523 and VSE 184.108.40.2068 or later.
Table A: Product Update Versions Sorted By Release Date
The following product versions are referenced in Table B below.
Product Version Release Build Package Date VSE 8.8.0 Patch 5/6 Hotfix 1087536 220.127.116.118 October 1, 2015 MA 5.0.2 Hotfix 1091027 18.104.22.168 November 18, 2015 VSE 8.8.0 Patch 7 22.214.171.1248 February 12, 2016 MA 5.0.2 Hotfix 1110392 126.96.36.1993 February 25, 2016
Table B: Install Sequence Chart
Refer to the following Installation Sequence Chart for guidance.
Scenario 1 Scenario 2 Scenario 3 Scenario 4 Scenario 5 Starting Point for Products Installed VSE 188.8.131.528:
Recommended Installation Sequence for Upgrade
- First Install: MA 184.108.40.206
- Then Install: VSE 220.127.116.118
- Then Install MA 18.104.22.1683
- First Install: VSE 22.214.171.1248
- Then Install: MA 126.96.36.1993
Upgrade to MA 188.8.131.523 OnlyInstall: Impact of Not Following Recommended Sequence No Impact. No Impact. If no intent to install VSE, ensure MA is upgraded to 184.108.40.2063. No Impact. Remediation if Impact Occurs Install VSE 220.127.116.118 Ensure both MA 18.104.22.1683 and VSE 22.214.171.1248 are installed Install MA 126.96.36.1993 N/A
I´m just in the same situation right now.
I also read the articles and they seem to be somehow confusing.
Like in your case regarding the install sequence chart we have scenario 1.
So normally one should upgrade Agent to .188, then Update P7 VSE and then Agent again.
The next line says there is no impact if not doing so and that is exactly what I can see here.
Update all our clients (>300) to Agent .333 and now have like 35 machines running with P7 VSE.
Everythin deployed without errors and everything seems to work without problems by now.
Thank you Daniel_S for sharing your experience.
Can someone provide a good reason for not updating directly to 188.8.131.523 and then to VSE Patch 7 or has someone else already updated this way and can share his experience?
from my side, i always check if the patch resolves a issue i have. If not, i have no need to update.
At any project at the Moment (10000+ endpoints) we are really testing in detail when updating McAfee products. :-)
This week a customer reported a Problem with the given update procedure. I think it depends, because this customer is also using FRM and DLP.
So they tested what is working and defined a update procedure for themselves.