5 Replies Latest reply on Apr 14, 2016 10:20 AM by wwarren

    upgrade Agent from 4.8.0.1938 to 5.0.2.333

    david.paulus

      I want to do an upgrade of the agent from 4.8.0.1938 to 5.0.2.333.

      But there is allready VSE 8.8P7 running on the endpoints, can I do a direct upgrade or do I have to do an uninstall of VSE, then an upgrade to 5.0.2.118, then a reinstall of VSE8.8P7 and then an upgrade to 5.0.2.333?

       

      Best Regards,

      David

        • 1. Re: upgrade Agent from 4.8.0.1938 to 5.0.2.333
          wwarren

          It is a legal migration path for you to simply upgrade to the 5.0.2.333 agent. VSE would not have an issue with that.

           

          What's unique to the 5.x agent, aside from the new Agent process names in 5.x, is that it installs our McAfee Controller service (mfemms.exe)

          VSE doesn't use this service.

          • 2. Re: upgrade Agent from 4.8.0.1938 to 5.0.2.333
            david.paulus

            Thank you for your fast response.

            And can I allready activate the ePO agent Key Updater ver 5.0.2.132 and MsgBus Cert Updater 5.0.2.132 for all the endpoints before I do the upgrade?

            • 3. Re: upgrade Agent from 4.8.0.1938 to 5.0.2.333
              Troja

              Hi, changing from Agent 4.x to 5.x take care! .-)

               

              1) Agent 5.x is updating the SysCore component. So take a look if your installed McAfee products are compatible with this Version of the Agent.

              2) Check your Access Protection Settings in VSE. If there are the self protection rules in place the new Agent processes are blocked. This can result in a complete damaged McAfee Installation.

              3) If you are planning to upgrade from VSE Patch x to Patch 7 and Agent 5.x is already installed you should wait for Agent 5.0.3.x Release (Support Info). Agent 5.x often breaks a VSE Patch 7 Installation.

               

              If you check your Access Protection Rules also check if you have Events where Access protection is blocking DAT Reputation. :-)

               

              Additional you may take a look at this links.

              https://kc.mcafee.com/corporate/index?page=content&id=SB10151

              Re: VSE 8.8 Patch 7 update order


              Access Protection rules triggered when installing a VirusScan Enterprise hotfix or when performing a McAfee Agent upgrade

              KB81930

               

              Cheers

              • 4. Re: upgrade Agent from 4.8.0.1938 to 5.0.2.333
                wwarren

                In their scenario they already have VSE 8.8 P7, which uses the same SYSCore version that MA 5.0.2.333 is using; which means SYSCore is not going to be upgraded in this case.

                However, it will introduce the McAfee Controller Service. They'll notice a new service is added to the system (along with the new MA 5.x services), called MFEMMS.exe.

                 

                I call it out because it does have an indirect functional impact to VSE, even though VSE doesn't use that service explicitly. So in that light it's something to be aware of, to test for in the environment, to ensure nothing odd comes out of the change from introducing that service.

                • 5. Re: upgrade Agent from 4.8.0.1938 to 5.0.2.333
                  wwarren

                  Regarding your follow up question, my understanding is that the Master key is already built into your Agent package and only if you've changed that key then the Key Updater simply allows existing deployed agents to adopt the new key. In other words, you wouldn't have to do anything regarding ePO Agent keys, and if you did want to change the Master key, that could be done at any time.

                  But, I have to cite some ignorance here because Agent isn't my area of expertise.