Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
AV 8.5 + patches
- Thread starter hayesp
- Start date
McAfeeGeek
Technical User
What version of EPO are you using?
Have you downloaded the patch and checked this into EPO's repository?
Have you downloaded the patch and checked this into EPO's repository?
- Thread starter
- #3
McAfeeGeek
Technical User
Hi Paul
In the CLIENT UPDATE TASK that you have scheduled, if you go into the settings of the task, you get options for what components to update as part of the task.
DAT and ENGINE are some of the components that are selected, but also there is an option for VirusScan Enterprise update, which may be selected and hence why the DAT updates are also updating patches for VSE 8.5.
I believe when the task is created, by default all components are selected, so you may need to go into the task and further into the tasks settings and deselect the relevant options.
Can you confirm this is the issue?
Secondly, in order to reduce network bandwidth, i dont believe you need to have clients connect to the epo server hourly. McAfee releases its DATS daily Mon-Fri between 4pm and 6pm.
So ideally you can have your EPO server updates ONCE daily and your clients update ONCE daily e.g. have epo server update at 7pm and clients update 9.30am.
Thirdly, EPO 4.0 patch 2 has been released which is a major patch. This patch now provides the functionality for Rogue System Detection. Rogue system detection Version 2.0 has also been released.
If your not sure what this feature does, im sure its all documented in the product documentation.
Any how, can you confirm to me whether what i suggested regarding the patch updates is correct?
Remember, you need to edit the task, go past the screen for the task name, and then in the wizard there comes and option for selecting what components to update. Deselect everything except DAT and ENGINE
McAfeeGeek
In the CLIENT UPDATE TASK that you have scheduled, if you go into the settings of the task, you get options for what components to update as part of the task.
DAT and ENGINE are some of the components that are selected, but also there is an option for VirusScan Enterprise update, which may be selected and hence why the DAT updates are also updating patches for VSE 8.5.
I believe when the task is created, by default all components are selected, so you may need to go into the task and further into the tasks settings and deselect the relevant options.
Can you confirm this is the issue?
Secondly, in order to reduce network bandwidth, i dont believe you need to have clients connect to the epo server hourly. McAfee releases its DATS daily Mon-Fri between 4pm and 6pm.
So ideally you can have your EPO server updates ONCE daily and your clients update ONCE daily e.g. have epo server update at 7pm and clients update 9.30am.
Thirdly, EPO 4.0 patch 2 has been released which is a major patch. This patch now provides the functionality for Rogue System Detection. Rogue system detection Version 2.0 has also been released.
If your not sure what this feature does, im sure its all documented in the product documentation.
Any how, can you confirm to me whether what i suggested regarding the patch updates is correct?
Remember, you need to edit the task, go past the screen for the task name, and then in the wizard there comes and option for selecting what components to update. Deselect everything except DAT and ENGINE
McAfeeGeek
- Thread starter
- #5
McAfeeGeek
Technical User
Hi Paul
I would suggest you contact McAfee Technical Support, as i am out of ideas for what could be causing the patch updates to occur automatically.
If possible, it would be a good idea to have a test machine so you can recreate the issue when speaking to McAfee, as it is always difficult to troubleshoot an issue backwards.
Preferrably, see if you can agree a remote session so that the issue can be seen as you replicate it.
Whilst speaking to McAfee about EPO issues, i find that it is always a good idea to have debug level logging enabled for McAfee EPO and CLIENT as this will capture the logs and any errors in debug format, which will assist if your case requires escalating. Have debug level logging enabled BEFORE recreating the issue.
Debug level logging can be enabled on SERVER and CLIENT by going to registry
HKLM > SOFTWARE > NETWORK ASSOCIATES > EPOLICY ORCHESTRATOR
On the right hand side in the registry, select LogLevel and change this from 7 to 8
If you get an access denied message when making this change, then VirusScan Enterprise 8.5 is preventing you from modifying the registry. In which case open the VSE console and right click the first option Access Protection and select disable. This will give you anything from seconds to 5 minutes to make the change in the registry.
Once registry has been modified, contact McAfee and recreate the issue.
Sorry i couldnt be of any more help.
McAfeeGeek
I would suggest you contact McAfee Technical Support, as i am out of ideas for what could be causing the patch updates to occur automatically.
If possible, it would be a good idea to have a test machine so you can recreate the issue when speaking to McAfee, as it is always difficult to troubleshoot an issue backwards.
Preferrably, see if you can agree a remote session so that the issue can be seen as you replicate it.
Whilst speaking to McAfee about EPO issues, i find that it is always a good idea to have debug level logging enabled for McAfee EPO and CLIENT as this will capture the logs and any errors in debug format, which will assist if your case requires escalating. Have debug level logging enabled BEFORE recreating the issue.
Debug level logging can be enabled on SERVER and CLIENT by going to registry
HKLM > SOFTWARE > NETWORK ASSOCIATES > EPOLICY ORCHESTRATOR
On the right hand side in the registry, select LogLevel and change this from 7 to 8
If you get an access denied message when making this change, then VirusScan Enterprise 8.5 is preventing you from modifying the registry. In which case open the VSE console and right click the first option Access Protection and select disable. This will give you anything from seconds to 5 minutes to make the change in the registry.
Once registry has been modified, contact McAfee and recreate the issue.
Sorry i couldnt be of any more help.
McAfeeGeek
- Thread starter
- #7
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question