Specifications
• "4.0.0" — Is the product revision number
• "1421" — Is the build number. That build number indicates this is "Patch 2"
To determine the build number-to-patch number relationship you must
go to the KnowledgeBase (KB) articles for each product. See Reference
documentation.
ePolicy Orchestrator server and McAfee Agent revisions
The two most relevant products for this document are the McAfee ePO server and the McAfee Agent.
Many users assume that the McAfee Agent version number must match the McAfee ePO server version
number. This is not true.
The agent and server versions are disjointed and do not have to be on the same major version. For
example, the McAfee ePO server 4.5 works fine with McAfee Agent 4.0 or 4.5.
There are limits to how far back the McAfee ePO server supports McAfee
Agents and those limits are clearly defined in the McAfee KnowledgeBase
articles for the products.
Determining the best upgrade strategy
If you are ready to upgrade you're the McAfee ePO server and your McAfee Agent you probably want
to know which product to upgrade first. There is no recommended order, but to approach it logically
upgrade the McAfee ePO server software first.
Upgrading your McAfee ePO server software first makes your backend architecture ready to speak to
your newly upgraded agents, when that occurs. Also, when you upgrade the McAfee ePO server you
are only impacting one device, you're the McAfee ePO server, compared to upgrading the agents which
impacts all devices in your environment.
1051 and 1059 events
If you have not looked at your Event Filtering in a long time on your McAfee ePO server, run the
custom Event Summary Query and check the output. See Event summary queries for details.
The two most common events seen in customer environments are:
• 1051 — Unable to scan password protected file
• 1059 — Scan timed out
These two events are enabled by default on the McAfee ePO server and if you never disabled them you
might find a significant number of these events when you run the Event Summary Query. These two
events can, for some users, make up 80% of the events in the database, use a tremendous amount of
space, and impact the performance of the database.
So why are they in there and why are they enabled? They have historic significance going back several
years and they were meant to give the administrator full disclosure that a file was not scanned by
VirusScan Enterprise. This failure to scan the file could be for one of two reasons:
FAQ and common scenarios
Determining the best upgrade strategy
12
McAfee
®
ePolicy Orchestrator
®
4.0 and 4.5 Best Practices Guide
103