Product Guide. McAfee Endpoint Upgrade Assistant 1.5.0

Similar documents
McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator 5.9.0)

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Upgrade Assistant 2.3.x Product Guide

Product Guide. McAfee Endpoint Upgrade Assistant 1.4.0

McAfee MVISION Endpoint 1811 Installation Guide

Data Loss Prevention Discover 11.0

McAfee MVISION Endpoint 1808 Installation Guide

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security

McAfee Content Security Reporter Installation Guide. (McAfee epolicy Orchestrator)

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee Rogue Database Detection For use with epolicy Orchestrator Software

McAfee Client Proxy Installation Guide

Installation Guide. McAfee Web Gateway Cloud Service

Installation Guide. McAfee Endpoint Security for Servers 5.0.0

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator)

McAfee Client Proxy Product Guide

McAfee Endpoint Security Installation Guide. (McAfee epolicy Orchestrator)

McAfee File and Removable Media Protection Installation Guide

McAfee Content Security Reporter 2.6.x Migration Guide

Migration Guide. McAfee Content Security Reporter 2.4.0

Product Guide Revision A. McAfee Client Proxy 2.3.2

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Content Security Reporter 2.6.x Installation Guide

McAfee Endpoint Security Threat Prevention Installation Guide - macos

McAfee Firewall Enterprise epolicy Orchestrator Extension

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Host Intrusion Prevention 8.0

McAfee Policy Auditor 6.2.2

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator)

McAfee Data Protection for Cloud 1.0.1

McAfee MVISION Mobile epo Extension Product Guide

McAfee Drive Encryption Client Transfer Migration Guide. (McAfee epolicy Orchestrator)

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide

McAfee Agent Interface Reference Guide. (McAfee epolicy Orchestrator Cloud)

Migration Guide. McAfee File and Removable Media Protection 5.0.0

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0

McAfee Endpoint Security for Servers Product Guide

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

McAfee epolicy Orchestrator 5.9.1

McAfee Application Control Windows Installation Guide

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide

McAfee Investigator Product Guide

McAfee Endpoint Security Threat Prevention Installation Guide - Linux

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee File and Removable Media Protection 6.0.0

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee Endpoint Upgrade Assistant 1.5.0

McAfee MVISION Mobile Citrix XenMobile Integration Guide

McAfee epolicy Orchestrator Software

McAfee Data Exchange Layer Product Guide. (McAfee epolicy Orchestrator)

McAfee File and Removable Media Protection Product Guide

Boot Attestation Service 3.0.0

Product Guide. McAfee Performance Optimizer 2.2.0

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0

Installation Guide Revision B. McAfee Active Response 2.2.0

McAfee Application Control and McAfee Change Control Linux Product Guide Linux

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee Active Response 2.0.0

McAfee Change Control and McAfee Application Control 8.0.0

McAfee MVISION Mobile Silverback Integration Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee Performance Optimizer 2.1.0

McAfee Application Control Windows Installation Guide. (Unmanaged)

McAfee Cloud Workload Security Product Guide

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator)

McAfee Agent 5.6.x Product Guide

Deploying the hybrid solution

McAfee Rogue System Detection 5.0.5

McAfee Boot Attestation Service 3.5.0

McAfee Endpoint Security

Archiving Service. Exchange server setup (2010) Secure Gateway (SEG) Service Administrative Guides

McAfee Endpoint Security Threat Prevention Product Guide - Windows

McAfee MVISION Mobile MobileIron Integration Guide

Firewall Enterprise epolicy Orchestrator

Best Practices Guide. Amazon OpsWorks and Data Center Connector for AWS

McAfee Agent Product Guide. (McAfee epolicy Orchestrator Cloud)

McAfee MVISION Mobile AirWatch Integration Guide

Product Guide. McAfee Content Security Reporter 2.4.0

Product Guide. McAfee Web Gateway Cloud Service

McAfee Network Security Platform

McAfee Endpoint Security Installation Guide. (Unmanaged)

McAfee Threat Intelligence Exchange Installation Guide

McAfee Threat Intelligence Exchange Installation Guide. (McAfee epolicy Orchestrator)

McAfee Management of Native Encryption 3.0.0

McAfee Network Security Platform 8.3

McAfee Rogue System Detection 5.0.0

McAfee Application Control Linux Product Guide. (McAfee epolicy Orchestrator)

McAfee Network Security Platform

Product Guide. McAfee Web Gateway Cloud Service

Product Guide Revision A. Endpoint Intelligence Agent 2.2.0

McAfee Data Loss Prevention Endpoint 10.0

McAfee Content Security Reporter Product Guide. (McAfee epolicy Orchestrator)

McAfee SiteAdvisor Enterprise 3.5.0

McAfee Endpoint Security

Hardware Guide. McAfee MVM3200 Appliance

Release Notes for McAfee(R) Security for Microsoft Exchange(TM) Version 8.0 Copyright (C) 2013 McAfee, Inc. All Rights Reserved

Transcription:

Product Guide McAfee Endpoint Upgrade Assistant 1.5.0

COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

Contents 1 Overview of Endpoint Upgrade Assistant 5 Overview of Endpoint Upgrade Assistant.......................... 5 Key features of Endpoint Upgrade Assistant......................... 6 How Endpoint Upgrade Assistant works.......................... 7 2 Preparing to upgrade 9 Best practices before you upgrade............................ 9 McAfee product requirements for upgrades........................ 10 Planning your deployment options............................ 11 Setting up your test environment............................ 12 High-level workflow for upgrades............................ 13 How to use Endpoint Upgrade Assistant.......................... 14 3 Upgrading with McAfee epo 17 Deployment options using McAfee epo tasks........................ 17 What happens during upgrades............................. 17 Workflow for upgrading with McAfee epo......................... 17 Create a deployment task in Endpoint Upgrade Assistant.................... 18 Create a deployment task in McAfee epo.......................... 19 Supported command-line options for upgrades.................... 20 4 Upgrading with other solutions 23 Using Package Creator to create custom product installers................... 23 Workflow for upgrading with third-party tools........................ 24 Create product installers with Package Creator....................... 25 Download the McAfee Agent frame file....................... 26 5 Best practices and troubleshooting 27 Best practices for managing upgrade information...................... 27 Export system and product information....................... 28 Troubleshooting blocked endpoints........................... 28 Refresh the McAfee epo database......................... 28 Troubleshooting installation and uninstallation issues..................... 29 Remove files after a failed installation........................ 29 Troubleshooting issues with Endpoint Upgrade Assistant.................... 30 Troubleshoot issues with Upgrade Automation....................... 30 Troubleshooting issues related to Package Creator...................... 33 Increase package size limit in McAfee epo...................... 33 Reporting an issue to McAfee Support........................... 34 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 3

Contents 4 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

1 1 Overview of Endpoint Upgrade Assistant Contents Overview of Endpoint Upgrade Assistant Key features of Endpoint Upgrade Assistant How Endpoint Upgrade Assistant works Overview of Endpoint Upgrade Assistant McAfee Endpoint Upgrade Assistant is a McAfee epolicy Orchestrator (McAfee epo ) tool that analyzes the endpoints in your McAfee epo environment, detects the supported McAfee products that are installed, and determines the minimum requirements for upgrading to McAfee Endpoint Security. Bundled with Endpoint Upgrade Assistant is Upgrade Automation, which can be deployed to endpoints, to manage an upgrade process. With information from Endpoint Upgrade Assistant, administrators can plan and implement product upgrades throughout their environment efficiently. Endpoint Upgrade Assistant does not alter the McAfee epo environment. It collects and analyzes the data about an environment, then provides tools to assist with upgrading the environment to Endpoint Security. In contrast, Upgrade Automation does modify the environment. It removes legacy products and installs Endpoint Security. Product components Endpoint Upgrade Assistant includes these McAfee epo components: Extension Install on the McAfee epo server. Provides the features for analyzing, preparing, and tracking McAfee product upgrades for your environment. Make sure that your endpoints are running epolicy Orchestrator 5.1.2 or later. Client package (Upgrade Automation) Deploy to managed endpoints. Provides ability to remove legacy products, upgrade McAfee Agent, upgrade incompatible versions of McAfee Data Loss Prevention (McAfee DLP), and install Endpoint Security. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 5

1 Overview of Endpoint Upgrade Assistant Key features of Endpoint Upgrade Assistant Key features of Endpoint Upgrade Assistant Endpoint Upgrade Assistant simplifies and automates the tasks required to upgrade McAfee products in McAfee epo environments. Its features minimize the number of upgrade tasks and ensure product interoperability. It also provides information to assist with upgrading the Windows operating system. Automatic upgrades using Upgrade Automation Upgrade Automation is a McAfee epo client package that works with Endpoint Upgrade Assistant to upgrade multiple products on multiple endpoints to McAfee Endpoint Security, using a single McAfee epo product deployment task. Upgrade Automation removes and replaces these legacy products: This product (if installed) McAfee VirusScan Enterprise McAfee SiteAdvisor Enterprise McAfee Host Intrusion Prevention (McAfee Host IPS) Is replaced with Endpoint Security Threat Prevention Endpoint Security Web Control Endpoint Security Firewall (Optional. You can choose to keep McAfee Host IPS instead of installing Firewall.) Upgrade Automation also upgrades these products to compatible versions: McAfee Agent 5.0.5 or later McAfee Data Loss Prevention version 9.3 Patch 6 Best practice: Restart the endpoints manually after upgrading, taking care to consider the effects of restarts in server environments. Upgrade Automation doesn't restart endpoints after deployment. Tagging Endpoint Upgrade Assistant uses McAfee epo tags to identify servers and workstations that require specific product upgrades. View these tags in the Tag Catalog under a group called Endpoint Upgrade Assistant Tags. You can create a single tag for all the endpoints eligible for automatic upgrades using Upgrade Automation. When you create a deployment task in McAfee epo, select one of the tags you've created with Endpoint Upgrade Assistant. All the tagged endpoints are upgraded when the deployment task runs. Deployment options You can automatically upgrade Endpoint Security in your environment with a single McAfee epo deployment task. Create a deployment task in three ways: In Endpoint Upgrade Assistant Create a deployment task on the Deploy & Track tab. In McAfee epo: Create a deployment task on the Product Deployment page. Create a client McAfee Agent deployment task. Package Creator and support for third-party deployment solutions Endpoint Upgrade Assistant Package Creator is a tool that lets system administrators create custom installers for upgrading McAfee products. The product installer can be an application for deployment with third-party solutions or a package for deployment with McAfee epo. 6 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

Overview of Endpoint Upgrade Assistant How Endpoint Upgrade Assistant works 1 Package Creator includes these components: Package Creator Provides features to select products and configure settings for custom product installers. Client package (Upgrade Automation) Deploys to managed endpoints with the custom product installer. How Endpoint Upgrade Assistant works Endpoint Upgrade Assistant analyzes your environment, then displays the information you need to upgrade your environment automatically with minimal impact on endpoints. Best practice: Deploy upgrades in a test environment or to a test group, then verify the results before deploying upgrades to the larger environment. Three tabs guide you through all the tasks required to upgrade. 1 Specify what to upgrade Select the version of Endpoint Security and the System Tree groups. 2 Analyze your environment Discover endpoints that require upgrades and endpoints that can't be analyzed. 3 View the steps required for upgrading your environment Identify which endpoints can use Upgrade Automation and which require manual upgrades. Re-analyze your environment after completing manual upgrades to identify additional endpoints for Upgrade Automation. 4 Check in and install the required software to the McAfee epo server This makes it available for deployment tasks using Software Manager. 5 Tag endpoints to upgrade Create one tag for all the endpoints that are eligible for Upgrade Automation. This enables Upgrade Automation to deploy upgrades to all the endpoints with a single deployment task. You can also tag endpoints that require manual upgrades. 6 Deploy Upgrade Automation Use one of these methods to upgrade to Endpoint Security: On the Deploy & Track tab Click Create Deployment Task. From McAfee epo Create a product deployment task or client McAfee Agent deployment task. From Package Creator Create a custom installer, then deploy it using your preferred third-party tools or McAfee epo. See also Setting up your test environment on page 12 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 7

1 Overview of Endpoint Upgrade Assistant How Endpoint Upgrade Assistant works 8 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

2 Preparing 2 to upgrade Contents Best practices before you upgrade McAfee product requirements for upgrades Planning your deployment options Setting up your test environment High-level workflow for upgrades How to use Endpoint Upgrade Assistant Best practices before you upgrade To streamline the upgrade process, follow these best practices before upgrading. Set up a test environment Select a subset of your System Tree to upgrade as a test. Upgrading in a test environment allows you to verify that endpoints upgrade as expected, and make changes as needed, before deploying upgrades to all endpoints. Disable features that detect and reinstall uninstalled products If you have set up applications or processes to detect when programs are uninstalled and reinstall them automatically, be sure to disable this functionality. Upgrade Automation can uninstall legacy products during the upgrade process. Make sure your endpoint doesn't reinstall them before the tool installs upgraded products. Install Endpoint Upgrade Assistant Endpoint Upgrade Assistant is a self-contained McAfee epo extension that you install on the McAfee epo server. Endpoint Upgrade Assistant also checks in the Endpoint Upgrade Automation client package to all branches of McAfee epo. This lets you deploy from any branch. Deploy the Upgrade Automation client package Deploy to endpoints in your environment to enable Upgrade Automation features. Check that endpoints meet requirements for analysis Endpoint Upgrade Assistant analyzes endpoints managed with McAfee Agent. If your environment includes endpoints that don't meet the requirements, such as management by McAfee Agent, Endpoint Upgrade Assistant can't analyze them and reports them as Blocked from Upgrades. Prepare for migration if you want to preserve settings for legacy products To preserve custom settings for legacy products, you need to migrate those settings on the McAfee epo server during the upgrade process. To prepare for migration: Review your custom policy settings and client tasks, consolidating them where possible. Remove duplicate and unused policies and tasks. Install the Endpoint Migration Assistant extension. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 9

2 Preparing to upgrade McAfee product requirements for upgrades See the McAfee Endpoint Security Migration Guide for more information. Prepare for deployment with third-party solutions, if applicable If you plan to deploy with third-party solutions, download the Package Creator tool from Software Manager to the system where you plan to run it. See also Troubleshooting blocked endpoints on page 28 Setting up your test environment on page 12 McAfee product requirements for upgrades Upgrade Automation requires that compatible McAfee products are installed on endpoints you plan to upgrade and that all required packages are checked in. When you upgrade to Endpoint Security, some product modules are required and some are optional. Supported McAfee products Endpoint Upgrade Automation can upgrade endpoints to Endpoint Security if they have any combination of the following products: VirusScan Enterprise, version 8.8 (all patches) McAfee Host IPS, version 8 (all patches) SiteAdvisor Enterprise, version 3.5 and later McAfee Agent, version 4.8.x and later McAfee Threat Intelligence Exchange (TIE) for VirusScan Enterprise, version 1.x and later McAfee DLP, versions 9.3.500.22 and earlier Upgrade Automation can coexist on the endpoint with these products, but does not alter them: McAfee Access and Change Control, version 6.1.2.440-6.1.3.0, 6.1.3.440-6.1.4.0, or 6.2.0.504 and later McAfee Data Exchange Layer (DXL), version 2.0.1.162 and later McAfee DLP, version 9.3.500.23 and later McAfee Drive Encryption, version 7.1.1 and later McAfee File and Removable Media Protection (FRP), version 4.3.1.153 and later McAfee Native Encryption Checking in McAfee products When you install the Endpoint Upgrade Assistant extension, the package is checked in to all McAfee epo branches: Current, Evaluation, and Previous. This lets you deploy automatic upgrades from any branch. For Endpoint Upgrade Assistant to run successfully, you must check in these packages to the same McAfee epo branch where you plan to deploy Endpoint Upgrade Assistant: McAfee Agent, version 5.0.5 or later Endpoint Security, version 10.2.1, 10.2.2, 10.5.1, 10.5.2, or 10.5.3 Upgrade Automation can also upgrade incompatible versions of McAfee DLP to version 9.3 patch 6, which is compatible with Endpoint Security versions 10.x. To upgrade McAfee DLP, you must check in its client software to the same McAfee epo branch where you plan to deploy Endpoint Upgrade Assistant. 10 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

Preparing to upgrade Planning your deployment options 2 Endpoint Security modules Endpoint Security has three main product modules: Threat Prevention (Required) Firewall Web Control All modules are selected to install, by default. You can specify not to install optional modules. Threat Prevention is required (and the Common module is silently installed with it). Endpoint Upgrade Assistant installs the products that you have checked in to McAfee epo. If you do not select any modules to install or check them in to McAfee epo, the Upgrade Automation deployment task fails. Planning your deployment options Endpoint Upgrade Assistant lets you customize upgrades by specifying options for the upgrade workflow when you create the package file and deployment task. Before upgrading, you should decide which options you want to use. Specify these options in different ways, depending on your deployment method. Keeping compatible versions of McAfee Agent When McAfee Agent version 5.0.2.333 or later is installed on an endpoint where you plan to upgrade Endpoint Security, upgrading McAfee Agent is optional. You can choose not to upgrade McAfee Agent when you create the deployment task. When you specify this option and a compatible version of McAfee Agent is present on the endpoint, the McAfee Agent installation package isn't downloaded and the McAfee Agent isn't upgraded. If all the endpoints you plan to upgrade have versions of McAfee Agent that are compatible with Endpoint Security, it is not necessary to check in McAfee Agent version 5.0.5 to the McAfee epo branch. However, if an incompatible version of McAfee Agent is installed on any endpoint, the deployment task attempts to download the version of McAfee Agent that is checked in. In these cases: If version 5.0.5 or later is checked in Upgrade Automation upgrades McAfee Agent and installs Endpoint Security. If version 5.0.5 or later is not checked in Upgrade Automation fails on the endpoints that have an incompatible version of McAfee Agent. This option is available on the Overview tab in Endpoint Upgrade Assistant or as a command-line option in McAfee epo. It is also available in Package Creator. Keeping compatible versions of Host Intrusion Prevention By default, Endpoint Upgrade Assistant removes McAfee Host IPS version 8.x, when it is installed on an endpoint you are upgrading, and replaces it with Endpoint Security. However, you can choose not to upgrade this product when you create the deployment task. These versions of McAfee Host IPS can co-exist with Endpoint Security on the same endpoint: Version 8 Patch 5-7 with Hotfix 1153407 Version 8 Patch 8 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 11

2 Preparing to upgrade Setting up your test environment When they co-exist, you can enable the Host Intrusion Prevention and Firewall functionality in either Endpoint Security or McAfee Host IPS. When these functions are enabled in McAfee Host IPS, they are disabled in Endpoint Security, even when enabled by policy. When you specify this option and a compatible version of McAfee Host IPS is present on the endpoint, the McAfee Host IPS installation package isn't downloaded and McAfee Host IPS isn't upgraded. This option is available on the Overview tab in Endpoint Upgrade Assistant or as a command-line option in McAfee epo. It is also available in Package Creator. Forcing removal of McAfee product files Normally, Endpoint Upgrade Assistant removes only detected products during deployment, but you can force it to remove undetected McAfee products. This option forces Endpoint Upgrade Assistant to remove any version of VirusScan Enterprise, McAfee Host IPS, McAfee DLP, or Endpoint Security, regardless of whether they were ever installed on the endpoint. This option overrides the options to keep compatible versions of Host Intrusion Prevention and McAfee Agent. If McAfee DLP is installed during deployment, it is not reinstalled. After forced product removal, McAfee Agent is upgraded. Then you need to restart the endpoint before the rest of the products are upgraded. Until you restart the endpoint, the endpoint does not have any functional security software installed. Forced removal resolves issues with failed installations. Don't use this option when upgrading from one version of Endpoint Security to another. Best practice: Use this option when deploying to endpoints where Endpoint Security installations have failed because previous versions of McAfee products were not removed completely and some files remain on the endpoint. This option is available as a command-line option in McAfee epo. It is also available in Package Creator. Reporting in System Custom Property fields Endpoint Upgrade Assistant provides the ability to monitor some endpoint events during deployment by using command-line options. This allows you to know when specific events occur and respond to them, if needed. For example, you can check when it's time to restart the endpoint after a forced product removal or after upgrading McAfee DLP. Events are reported in one of the four Custom fields that appear on the System Properties tab of the McAfee epo System Details page. This option is available as a command-line option in McAfee epo. See also Supported command-line options for upgrades on page 20 Setting up your test environment Use a test environment to upgrade a subset of endpoints in preparation for performing a controlled rollout of Endpoint Upgrade Automation package across your environment. Upgrade Automation ensures that endpoints do not end up in an unsuitable state. However, upgrades for multiple products, groups, and endpoint types involve many components, and you might not always anticipate all the results correctly. It's important to test upgrades in test environments or small groups before upgrading your entire environment. 12 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

Preparing to upgrade High-level workflow for upgrades 2 General guidelines Review these best practices before setting up your test environment. Do not include endpoints that are essential to your daily operations in your test environment. Select endpoints that reflect the diversity of your environment. For example, include one endpoint from each upgrade step. Use the Overview tab to identify suitable endpoints by reviewing the software running on them. Use the Prepare tab to ensure that the necessary software packages are available in the correct software branch. Use the Deploy & Track tab to identify the deployments performed using Endpoint Upgrade Assistant. When selecting a test environment, make sure that you consider the following information to identify representative endpoints: McAfee product combinations and versions Operating systems Servers and workstations Best practice: Test on a subset of servers before upgrading your entire server environment. Validate the upgrade on servers and workstations. Some endpoints might require a restart. You need to restart them manually; the Upgrade Automation deployment task doesn't initiate a restart after all upgrades are complete. High-level workflow for upgrades Follow this workflow to upgrade your environment to Endpoint Security. Before upgrading, ensure that your environment and the systems you plan to upgrade meet the requirements. See the McAfee Endpoint Security Installation Guide and McAfee epolicy Orchestrator Product Guide for more information about these tasks. 1 Prepare policies as needed. 2 On the Endpoint Upgrade Assistant landing page, analyze your environment. 3 On the Overview tab, view all products that require upgrades and determine which systems are suitable for immediate, automatic upgrade. If some systems are blocked from upgrading, you can manually upgrade them with required products, then re-analyze your environment. 4 On the Prepare tab, verify that all required software is available (check in or download). 5 Manually update the content files required for Endpoint Security. 6 Migrate policies, client tasks, and other settings from supported legacy products on the McAfee epo server. (Required only when migrating legacy product settings.) 7 Configure policies as needed. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 13

2 Preparing to upgrade How to use Endpoint Upgrade Assistant 8 Deploy or install the client software with default or custom settings. Endpoint Upgrade Assistant provides multiple options for deploying with McAfee epo tasks. You can also use Package Creator to create custom installers for use with third-party deployment solutions. Best practice: Restart the endpoints after Endpoint Upgrade Automation runs. Upgrade Automation doesn't restart endpoints after deployment. You need to restart them manually, taking care to consider the effects of restarts in server environments. 9 Verify that the upgrade completed successfully. See also Create a deployment task in Endpoint Upgrade Assistant on page 18 Create a deployment task in McAfee epo on page 19 Create product installers with Package Creator on page 25 How to use Endpoint Upgrade Assistant Upgrade tasks are grouped together on tabs that display the information you need to analyze, plan, upgrade, and track deployments to your endpoints. Launching Endpoint Upgrade Assistant After installing the Endpoint Upgrade Assistant extension, double-click the product in the McAfee epo Software menu. Analyzing your environment On the landing page, select these options, then analyze your environment to find out what upgrades are required: Version of Endpoint Security to upgrade to. Endpoints to analyze Analyze the entire System Tree or a single group and its subgroups. You can use the System Tree to select subsets of your environment for analysis, which might reduce the time required to perform the analysis and provides flexibility when planning upgrades. The time required to analyze your selection depends on the size of the McAfee epo database and the number of endpoints selected. This option lets you select a subset of your environment for a test environment, so that you can deploy and verify upgrades to non-critical endpoints before upgrading your entire environment. Endpoint Upgrade Assistant analyzes the McAfee epo database to determine what endpoint software is in your environment and how that compares to the product versions recommended by McAfee. Getting a visual overview of your environment The top of each tab features a pie chart and table that summarize the number of systems in four categories: Upgrade complete Successfully upgraded to Endpoint Security. Ready to upgrade Ready to upgrade to Endpoint Security using Upgrade Automation. Require product upgrades Running incompatible versions of McAfee products that you need to upgrade manually before running Upgrade Automation. Blocked from upgrading Can't be upgraded or analyzed by Endpoint Upgrade Assistant. A checkbox lets you exclude systems that aren't managed by McAfee Agent from this overview. 14 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

Preparing to upgrade How to use Endpoint Upgrade Assistant 2 Search, sort, filter, and validate Endpoint Upgrade Assistant results by downloading the information for each category in comma-separated values (CSV) format. Use this information for purposes such as debugging, identifying the endpoints required for upgrades, and resolving differences between the reported and expected status of endpoints. View Systems Displays a page listing the corresponding systems that you can export. Export System and Product Details Creates a list of endpoints with their name, path, and type (server or workstation). Adds the products and versions running on endpoints. This lets you sort by product to create a listing of all endpoints running each version of each product (for example, outdated versions of McAfee Agent). Getting a detailed overview of your environment After analysis is complete, use the Overview tab to identify systems that: Are ready to upgrade to Endpoint Security automatically. Have incompatible software installed See the steps required to make them compatible for upgrades. You can tag these systems, create deployment tasks to upgrade them, then re-analyze your environment to determine whether they are ready to upgrade automatically. Have issues that prevent Endpoint Upgrade Assistant from analyzing or upgrading them Resolve these issues, then re-analyze your environment. The Overview tab provides details about: Products and number of endpoints that require upgrades. The minimum product versions required for upgrades. KnowledgeBase articles with additional information about the products to be upgraded. Current versions of products in your environment and number of endpoints where they are installed. When McAfee Agent or McAfee Host Intrusion Prevention is installed on endpoints that you plan to upgrade, these deployment options are available: Do not remove versions of McAfee Agent that are compatible with McAfee Endpoint Security When this option is selected and a compatible version of McAfee Agent is installed, it won't be upgraded. Do not remove McAfee Host Intrusion Prevention (do not use Endpoint Security Firewall) When this option is selected and a compatible version of McAfee Host Intrusion Prevention is installed, it won't be uninstalled and Endpoint Security Firewall will not be enabled. Preparing to upgrade Use the Prepare tab to make sure the required software is available for automatic upgrades. Endpoint Upgrade Assistant lists the software packages that you need to check in to Software Manager. It shows what is currently checked in and what needs to be upgraded to meet the product versions recommended by McAfee. Check in all packages to the same branch. When you installed the Endpoint Upgrade Assistant extension, the Upgrade Automation client package was checked in to all McAfee epo branches. This lets you deploy Upgrade Automation from any branch. After checking in the required software packages, click Refresh to confirm that your server is up to date. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 15

2 Preparing to upgrade How to use Endpoint Upgrade Assistant Use the information on this tab to identify: Product client packages required for upgrades. Product client packages currently checked in You can view the Current, Evaluation, or Previous branch. You must check in all packages to the same branch to use Upgrade Automation. Product extensions required If the products you're upgrading require a product extension, install those on the McAfee epo server manually. Endpoint Upgrade Assistant checks for minimum requirement versions for all products except Endpoint Security and McAfee DLP. It looks for specific versions of those products. You can keep versions of McAfee Agent and McAfee Host IPS that are compatible with Endpoint Security during deployment by selecting options when you create the deployment task. Deploying and tracking upgrades in Endpoint Upgrade Assistant Use the Deploy & Track tab to create deployment tasks for automatic upgrades and verify the status of scheduled deployment tasks. Click Create Deployment Task to configure and schedule an automatic upgrade. Check the status of deployment tasks you have created For deployment tasks that are running or completed, view the status of the upgrade on each endpoint (Install Successful, Failed, or Pending). See also Best practices for managing upgrade information on page 27 Export system and product information on page 28 Troubleshooting blocked endpoints on page 28 16 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

3 Upgrading 3 with McAfee epo Contents Deployment options using McAfee epo tasks What happens during upgrades Workflow for upgrading with McAfee epo Create a deployment task in Endpoint Upgrade Assistant Create a deployment task in McAfee epo Deployment options using McAfee epo tasks You can deploy upgrades using Endpoint Upgrade Assistant or standard McAfee epo deployment methods. In Endpoint Upgrade Assistant Create a deployment task on the Deploy & Track tab. In McAfee epo: Create a deployment task on the Product Deployment page. Create a client McAfee Agent deployment task. What happens during upgrades When you deploy the Upgrade Automation package to an endpoint, it performs all the tasks required to remove existing versions of McAfee products and install new or upgraded versions. 1 Downloads McAfee Endpoint Security, McAfee Agent, and McAfee Data Loss Prevention (depending on options selected when creating the deployment task) from McAfee epo. 2 Copies legacy product policies locally on the endpoint. 3 Removes supported legacy products, verifies the removal, and performs cleanup, if required. 4 Upgrades the McAfee Agent (if selected) and installs Endpoint Security, which then applies the local policies. 5 Endpoint Security checks with McAfee epo for new policies. 6 Upgrades McAfee Data Loss Prevention to version 9.3 patch 6 (if the current version is incompatible with Endpoint Security). Workflow for upgrading with McAfee epo Follow this workflow to upgrade endpoints using McAfee epo. Before upgrading, ensure that your environment and the systems you plan to upgrade meet the requirements. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 17

3 Upgrading with McAfee epo Create a deployment task in Endpoint Upgrade Assistant See the McAfee Endpoint Security Installation Guide and McAfee epolicy Orchestrator Product Guide for more information about these tasks. 1 Prepare policies as needed. If you are migrating legacy policies Review and revise your settings to eliminate unused, outdated, and duplicate settings. If you are preconfiguring policies Create a custom package using Endpoint Security Package Designer. See the McAfee Endpoint Security Installation Guide for instructions. 2 On the Endpoint Upgrade Assistant landing page, analyze your environment. 3 On the Overview tab, view all products that require upgrades and determine which systems are suitable for immediate upgrade. 4 On the Prepare tab, verify that all required software is installed and checked in to McAfee epo. If some systems are blocked from upgrading, you can manually upgrade them with required products, then re-analyze your environment. 5 Manually update your McAfee epo server with the latest AMCore and Exploit Prevention content files required for Endpoint Security. See the McAfee Endpoint Security Installation Guide for instructions. See the Endpoint Security Common Product Guide for more information about content files. 6 (Required only when migrating legacy product settings.) Migrate policies, client tasks, and other settings from supported legacy products on the McAfee epo server. You need to install the Migration Assistant extension before migrating. See the McAfee Endpoint Security Migration Guide for more information. 7 Configure policies as needed. 8 Create a deployment task, then deploy the client software to endpoints. Best practice: Restart the endpoints manually after upgrading, taking care to consider the effects of restarts in server environments. Upgrade Automation doesn't restart endpoints after deployment. 9 Verify that the deployment task completed successfully. In Endpoint Upgrade Assistant Check the Deploy & Track tab for the status of the task and endpoints. In McAfee epo Check that the client software is installed and up to date on all endpoints. Create a deployment task in Endpoint Upgrade Assistant Create a McAfee epo deployment task directly from the Deploy & Track tab. This deploys products using Upgrade Automation. Before you begin You have prepared and tagged endpoints for upgrade in Endpoint Upgrade Assistant and created an Upgrade Automation package. See the McAfee epo Product Guide for more information. 18 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

Upgrading with McAfee epo Create a deployment task in McAfee epo 3 Task 1 On the Deploy & Track tab, click Create Deployment Task. 2 On the Create Deployment Task page, specify a name for the task. The branch and product options that were selected on the Prepare and Overview tabs appear. If you want to change them, cancel this task, select the correct settings on those tabs, then begin this task again. 3 For Policy Migration, select the checkbox to acknowledge that you have either migrated legacy custom policies and client tasks or understand that McAfee Default policy settings will be enforced. (Required only when migrating legacy product settings.) 4 Specify when to run the deployment task. The default setting is Run immediately. If you're scheduling it for later, specify a date and time. 5 Select the systems to upgrade. By default, both workstations and servers are upgraded. You can also select individual systems from a list. 6 Click Create. 7 Verify that the information for the task is correct, then click OK. Create a deployment task in McAfee epo When systems are ready to upgrade using Upgrade Automation, you can deploy upgrades with standard McAfee epo deployment methods. Before you begin You have prepared and tagged endpoints for upgrade in Endpoint Upgrade Assistant and created an Upgrade Automation package. Task 1 In McAfee epo: On the Product Deployment page in McAfee epo, create a new deployment task. From the Client Task Catalog in McAfee epo, select a Client Task Type of McAfee Agent Product Deployment Task, then create a new task. 2 From the Product and Components section, select the Upgrade Automation package that you installed with Endpoint Upgrade Assistant. 3 From the Tag Catalog, select the Upgrade Automation tag that you created with Endpoint Upgrade Assistant. 4 Specify other options as needed. Upgrade Automation supports several command-line options. 5 Create the task. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 19

3 Upgrading with McAfee epo Create a deployment task in McAfee epo Supported command-line options for upgrades Upgrade Automation supports these command-line options for deployment tasks created in McAfee epo. Option --keephips --keepma --force --tag[=1 4] where: 1 4 specifies one of four Custom fields Description Do not upgrade versions of McAfee Host IPS that are compatible with Endpoint Security. Do not enable Endpoint Security Firewall. Do not upgrade versions of McAfee Agent that are compatible with Endpoint Security. Force removal of VirusScan Enterprise, McAfee Host IPS, McAfee DLP, and Endpoint Security. This option overrides the --keephips option. Report endpoint events in a Custom field on the System Properties tab in the McAfee epo System Details page. For example, --tag=3 reports endpoint events in the Custom 3 field, and --tag or --tag=1 reports in the Custom 1 field. Supported events for Custom fields Not all upgrade workflows use all the supported event properties. Endpoint Upgrade Assistant reports these properties: Property EUA_CLIENT_EXECUTION_STARTED EUA_REBOOT_REQUIRED ENS_INSTALL_PENDING EUA_ENDPOINT_REBOOTED ENS_INSTALLING EUA_EXECUTION_COMPLETE Description Endpoint upgrade has started. Restart the endpoint. Endpoint has been restarted. Endpoint Security is installing. Deployment task is completed. Check the status of the deployment task on the Deploy & Track tab. EUA_EXECUTION_COMPLETE REBOOT_REQUIRED DLP_UPGRADED Deployment task is completed. Check the status of the deployment task on the Deploy & Track tab. Restart the endpoint to enable McAfee DLP. These are some general guidelines for using the Custom fields: Endpoint Upgrade Assistant doesn't remove or change the value displayed. For example, if you restart an endpoint, the REBOOT_REQUIRED value doesn't change. The value in the Custom field isn't updated or removed until it is overwritten by another task on the endpoint. If a Custom field is being used by another application for another purpose, reporting for Endpoint Upgrade Assistant might be affected. The --tag option is not related to tagging endpoints for updates in the System Tree. Compatibility of command-line options Command-line options are case sensitive. If you enter an invalid or an unrecognized option, the upgrade fails. 20 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

Upgrading with McAfee epo Create a deployment task in McAfee epo 3 Specifying multiple options can result in conflicting actions. Here's how Endpoint Upgrade Assistant resolves conflicting command-line options: Options --keepma --keephips --keephips --keepma --force --keepma --keephips --force Result Does not upgrade McAfee Agent or remove Host Intrusion Prevention if they are compatible with Endpoint Security. Forces removal of VirusScan Enterprise, McAfee Host IPS, McAfee DLP, and Endpoint Security. Upgrades McAfee Agent (ignores --keepma). Forces removal of VirusScan Enterprise, McAfee Host IPS, McAfee DLP, and Endpoint Security (ignores --keephips). Upgrades McAfee Agent. "--tag=2 --keepma --keephips Does not upgrade McAfee Agent or McAfee Host IPS if they are compatible with Endpoint Security. Reports endpoint events in the Custom 2 field on the System Properties tab in the McAfee epo System Details page. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 21

3 Upgrading with McAfee epo Create a deployment task in McAfee epo 22 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

4 4 Upgrading with other solutions Contents Using Package Creator to create custom product installers Workflow for upgrading with third-party tools Create product installers with Package Creator Using Package Creator to create custom product installers Download the Endpoint Upgrade Assistant Package Creator tool to create product installers for deployment with third-party solutions or McAfee epo. This custom product installer contains everything needed to upgrade systems to Endpoint Security: the installers for each product you plan to upgrade and the Upgrade Automation application. Package Creator requires administrator credentials. Locating the installers Package Creator generates a single product installer that contains an Endpoint Security installer, a McAfee Agent installer, McAfee DLP installer (if needed), and the Upgrade Automation client application. You must download all the installers for the products you plan to upgrade on the system where you run Package Creator. It uses these installers to create the final product installer. Upgrade options These options to configure a custom product installer. Endpoint Security modules to install By default, all modules are selected, but you can specify whether to install optional modules. When McAfee Agent or Host Intrusion Prevention are installed on endpoints that you plan to upgrade: Do not remove versions of McAfee Agent that are compatible with Endpoint Security Do not remove McAfee Host Intrusion Prevention (do not use Endpoint Security Firewall) Force removal of McAfee product files You can select an option to remove failed or partial installations of Endpoint Security, then reinstall the product. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 23

4 Upgrading with other solutions Workflow for upgrading with third-party tools Product installer options Select the type of product installer to create: A package for use with McAfee epo Check in this file to the McAfee epo server. Package Creator validates the package while creating it. Best practice: Check and increase the package size limit in McAfee epo before uploading large packages. This package can deploy all individual product installers with one deployment task and ensures that no additional downloads are required when upgrading to Endpoint Security. Because it contains the installer for McAfee Agent, you can move endpoints from one McAfee epo server to another during upgrades. Best practice: Use Package Creator to create a deployment package when you plan to move endpoints to a new McAfee epo server during the upgrade. An application for use with any third-party deployment solutions Check in this file to the repository for your third-party tool. This is a self-extracting.exe file that extracts the installers, then runs Upgrade Automation to automatically upgrade endpoints with the selected options. See also Create product installers with Package Creator on page 25 Increase package size limit in McAfee epo on page 33 Workflow for upgrading with third-party tools Follow this workflow to upgrade endpoints using third-party deployment solutions. You must have administrator credentials to use Package Creator. Before upgrading, ensure that your environment and the systems you plan to upgrade meet the requirements. See the McAfee Endpoint Security Installation Guide and McAfee epolicy Orchestrator Product Guide for more information about these tasks. 1 Download Package Creator from the Software Manager. 2 Prepare policies as needed. If you are migrating legacy policies Review and revise your settings to eliminate unused, outdated, and duplicate settings. If you are preconfiguring policies Create a custom package using Endpoint Security Package Designer. See the McAfee Endpoint Security Installation Guide for instructions. 3 On the Endpoint Upgrade Assistant landing page, analyze your environment. 4 On the Overview tab, view all products that require upgrades and determine which systems are suitable for immediate upgrade. 24 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

Upgrading with other solutions Create product installers with Package Creator 4 5 Download the installers for products you plan to upgrade. Download the McAfee Agent (version 5.0.5 or later) frame file from your target McAfee epo server. The file is named FramePkg.exe. Files named SmartInstaller.exe or Frminst.exe don't work. Download the version of Endpoint Security to install. Download Endpoint Security Bundle as a.zip file from Software Manager or the McAfee product download page: https://secure.mcafee.com/apps/downloads/my-products/login.aspx?region=us. A grant number is required to download the bundle. Download Data Loss Prevention and Device Control 9.3 (if required) from Software Manager or the McAfee product download page. This is also available as a.zip file from Software Manager or the McAfee product download page. 6 Manually update your McAfee epo server with the latest AMCore and Exploit Prevention content files required for Endpoint Security. See the McAfee Endpoint Security Installation Guide for instructions. See the Endpoint Security Common Product Guide for more information about content files. 7 (Required only when migrating legacy product settings.) Migrate policies, client tasks, and other settings from supported legacy products on the McAfee epo server. You need to install the Migration Assistant extension before migrating. See the McAfee Endpoint Security Migration Guide for more information. 8 Configure policies as needed. 9 Run Package Creator and create an executable product installer for third-party deployment. 10 Check in the product installer to the repository for your third-party tools, then deploy to endpoints. Best practice: Restart the endpoints manually after upgrading, taking care to consider the effects of restarts in server environments. Upgrade Automation doesn't restart endpoints after deployment. Create product installers with Package Creator Use Package Creator to create a single package or installation file that contains all the individual product installers required for upgrades. Then deploy the file with third-party solutions or McAfee epo. Before you begin You must have administrator credentials to use Package Creator. Before upgrading, ensure that your environment and the systems you plan to upgrade meet the requirements. Task 1 Download and install Package Creator from Software Manager, if you haven't already done so. 2 In Package Creator, specify the locations of the installers for Endpoint Security and McAfee Agent. The installer for McAfee Agent is called a frame package. 3 Select optional components to install. By default, all components are selected. Threat Prevention is required, but Endpoint Security Firewall and Web Control are optional. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 25

4 Upgrading with other solutions Create product installers with Package Creator 4 Select upgrade options, as needed. Do not remove versions of McAfee Agent that are compatible with McAfee Endpoint Security. Do not remove McAfee Host Intrusion Prevention (do not use Endpoint Security Firewall). Remove failed or partial installations of McAfee Endpoint Security and reinstall it (requires a restart). 5 Select the type of product installer to create: A package.zip file to deploy with McAfee epo. An executable application to install with third-party tools. 6 Click Create. 7 Verify that you've specified the correct information, then click Generate Package. Tasks Download the McAfee Agent frame file on page 26 Package Creator needs a compatible installer for McAfee Agent, to include in the custom installer that it generates. You need to download this installer, called a frame package, from your target McAfee epo server. Download the McAfee Agent frame file Package Creator needs a compatible installer for McAfee Agent, to include in the custom installer that it generates. You need to download this installer, called a frame package, from your target McAfee epo server. The correct file is named FramePkg.exe. Files named SmartInstaller.exe or Frminst.exe don't work. Task 1 In McAfee epo, click System Tree New Systems. 2 For How to add systems, select Create and download agent installation package. 3 For version, select Windows and 5.0.5 or later. 4 Click OK to download a valid McAfee Agent installer from your McAfee epo server. 26 McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide

5 Best 5 practices and troubleshooting Contents Best practices for managing upgrade information Troubleshooting blocked endpoints Troubleshooting installation and uninstallation issues Troubleshooting issues with Endpoint Upgrade Assistant Troubleshoot issues with Upgrade Automation Troubleshooting issues related to Package Creator Reporting an issue to McAfee Support Best practices for managing upgrade information Endpoint Upgrade Assistant uses several McAfee epo features that assist you with planning and implementing your upgrade strategy. Using queries and reports Each time it analyzes an environment, Endpoint Upgrade Assistant creates a query that you can view in McAfee epo under Queries & Reporting. Use these queries to create reports containing the information you need to plan and track your upgrades, then save them in PDF format. Endpoint Upgrade Assistant queries display results from the last System Tree or group you analyzed. Data from previous analyses is overwritten. Exporting system details System administrators can search, sort, filter, and validate Endpoint Upgrade Assistant results by downloading the information for a selected category in comma-separated values (CSV) format. Use this information for purposes such as debugging, identifying the endpoints required for upgrades, and resolving differences between the reported and expected status of endpoints. Export Systems Creates a list of endpoints with their name, path, and type (server or workstation). Export System and Product Details Adds the products and versions running on endpoints. This lets you sort by product to create a listing of all endpoints running each version of each product (for example, outdated versions of McAfee Agent). View Systems Displays a page listing the corresponding systems that you can export. Tag management Endpoint Upgrade Assistant creates McAfee epo tags to label endpoints in the McAfee epo database. Use them to tag endpoints that require the same upgrade steps, even if the endpoints are in different System Tree groups. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback