Install Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

Table Of Contents

Dell Endpoint Security Suite Enterprise Advanced Installation Guide v3.0
Contents
Introduction
- Before You Begin
- Using This Guide
- Contact Dell ProSupport
Requirements
- All Clients
- Encryption
- Full Disk Encryption
- Encryption on Server Operating Systems
- Advanced Threat Prevention
  - Compatibility
- Client Firewall and Web Protection
- SED Manager
- BitLocker Manager
Registry Settings
- Encryption
- Full Disk Encryption
- Advanced Threat Prevention
- SED Manager
- BitLocker Manager
Install Using the Master Installer
- Install Interactively Using the Master Installer
- Install by Command Line Using the Master Installer
Uninstall the Master Installer
- Uninstall the Endpoint Security Suite Enterprise Master Installer
Install Using the Child Installers
- Install Drivers
- Install Encryption
- Install Full Disk Encryption
- Install Encryption on Server Operating System
- Install Advanced Threat Prevention Client
- Install Client Firewall and Web Protection
- Install SED Manager and PBA Advanced Authentication
- Install BitLocker Manager
Uninstall Using the Child Installers
- Uninstall Web Protection and Firewall
- Uninstall Advanced Threat Prevention
- Uninstall Full Disk Encryption
- Uninstall SED Manager
- Uninstall Encryption and Encryption on Server Operating System
- Uninstall BitLocker Manager
Data Security Uninstaller
Commonly Used Scenarios
- Encryption Client and Advanced Threat Prevention
- SED Manager and Encryption External Media
- BitLocker Manager and Encryption External Media
- BitLocker Manager and Advanced Threat Prevention
Provision a Tenant
- Provision a Tenant
Configure Advanced Threat Prevention Agent Auto Update
Pre-Installation Configuration for SED UEFI, and BitLocker Manager
- Initialize the TPM
- Pre-Installation Configuration for UEFI Computers
- Pre-Installation Configuration to Set Up a BitLocker PBA Partition
Designate the Dell Server through Registry
Extract Child Installers
Configure Key Server
- Services Panel - Add Domain Account User
- Key Server Config File - Add User for Security Management Server Communication
- Services Panel - Restart Key Server Service
- Management Console - Add Forensic Administrator
Use the Administrative Download Utility (CMGAd)
- Use Forensic Mode
- Use Admin Mode
Configure Encryption on a Server Operating System
Configure Deferred Activation
- Deferred Activation Customization
- Prepare the Computer for Installation
- Install Encryption with Deferred Activation
- Activate Encryption with Deferred Activation
- Troubleshoot Deferred Activation
Troubleshooting
- All Clients - Troubleshooting
- All Clients - Protection Status
- Dell Encryption Troubleshooting (client and server)
- Advanced Threat Prevention Troubleshooting
- SED Troubleshooting
- Dell ControlVault Drivers
  - Update Dell ControlVault Drivers and Firmware
- UEFI Computers
- TPM and BitLocker
Glossary

○ From Your Dell FTP Account - Locate the installation bundle at Endpoint-Security-Suite-Ent-2.x.x.xxx.zip and then

Extract the Child Installers from the Master Installer. After extraction, locate the file in C:\extracted\Advanced

Threat Prevention\WinXXR\ and C:\extracted\Advanced Threat Prevention\WinNtAll\.

● The Encryption Management Agent installer can be located at:

○ From Your Dell FTP Account - Locate the installation bundle at Endpoint-Security-Suite-Ent-2.x.x.xxx.zip and then

Extract the Child Installers from the Master Installer. After extraction, locate the file in C:\extracted\Encryption

Management Agent.

Command Line Installation

● Basic .msi commands are available for the installation.

● The following table details the parameters available for the installation.

Parameters

CM_EDITION=1 <remote management>

INSTALLDIR=<change the installation destination>

SERVERHOST=<securityserver.organization.com>

SERVERPORT=8888

SECURITYSERVERHOST=<securityserver.organization.com>

SECURITYSERVERPORT=8443

ARPSYSTEMCOMPONENT=1 <no entry in the Control Panel Programs list>

REBOOT=ReallySuppress <suppresses the reboot>

FEATURE=BASIC <

required

on a server operating system; may also be used (optionally) on a workstation operating

system; prevents SED management and BitLocker Manager installation>

For a list of basic .msi switches and display options that can be used in command lines, refer to Install Using the Child

Installers.

Example Command Lines

● The following example installs the basic Encryption Management Agent, without SED management or BitLocker Manager

(silent installation, no reboot, no entry in the Control Panel Programs list, installed in the default location of C:\Program

Files\Dell\Dell Data Protection).

EMAgent_XXbit_setup.exe /s /v"FEATURE=BASIC

CM_EDITION=1 SERVERHOST=server.organization.com SERVERPORT=8888

SECURITYSERVERHOST=server.organization.com SECURITYSERVERPORT=8443 ARPSYSTEMCOMPONENT=1 /

norestart /qn"

● The following example installs Advanced Threat Prevention (silent installation, no reboot, installation log file and installation

folder in the specified locations)

MSIEXEC.EXE /I "ATP_CSF_Plugins_x64.msi" /qn REBOOT="ReallySuppress" APPFOLDER="C:

\Program Files\Dell\Dell Data Protection\Advanced Threat Prevention\Plugins"

ARPSYSTEMCOMPONENT="1" /l*v "C:\ProgramData\Dell\Dell Data Protection\Installer

Logs\ATP_Plugins_x64.msi.log"

and

"\Advanced Threat Prevention\WinNtAll\ATP_AgentSetup.exe" /s EXTRACT_INSTALLERS /v"/qb!"

NOTE: These components must be installed by command line only. Double-clicking to install this component installs a non-Dell,

non-managed version of the product, which is not supported. If this is accidentally done, simply go to Add/Remove Programs

and uninstall that version.

Example Script

Install Using the Child Installers