0 Replies Latest reply on Apr 4, 2008 12:15 PM by BThomas

    Patch deploy questions

      Forgive me if my questions have already been covered, I performed a search but was not able to bring up answers I am looking for.
      I am running ePO 3.6.1, have deployed CMA 3.6, AV 8.0, and 8.5 to approx 3500 machines in enterprise.
      Machines are in groups in directory based on Dept/Roles, and IP Address Range.
      I would like to check in patches for CMA and AV to ePO without having them deployed to machines automatically. I would like to control the deployment to specific groups. In a sense, using the deployment first to non critical machines as a way of testing.
      Setup:
      -Deployment task on ePO has all components set to ignore, inherited throughout directory.
      -Agent update task is set to update DATS, Engine at various times with retries every 50 minutes.
      Patches, services packs on this task are all cleared, not enabled for updating.
      -Global updating is off.
      I have spoken with McAfee support many times, they all tell me the way I have it configured is correct and patches will not be deployed but I see otherwise in test lab.
      Dats are updated on schedule without any patches updating. But it seems at some time during the day the patches are downloaded to machines. Am I correct in assuming this is due to ‘Auto Update’ feature on AV client?
      Auto update on clients options:
      -Get newer definitions
      -Get newer engines
      -Get other available updates (service packs, upgrades etc)*
      The patch deploy happens about one hour after the schedule of the auto update on client.
      Is there a way around this? If I disable clients auto updates from ePO, is there a way to enable them again?
      Or am I thinking incorrectly and there is something else causing the patch deployments?
      Thank you in advance for any assistance and advice offered.