Manualshelf

Specifications

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
41424344454647484950
Using third-party tools is not a requirement, but your organization might have strict policies that
dictate how products are deployed for consistency and change control reasons. Some common
deployment tools include:
Microsoft SCCM (formerly known as SMS)
IBM Tivoli
Novell Zenworks
BMC Client Automation (formerly Marimba)
Simple logon scripts
The process used to deploy the agent for the first time using these third-party tools is very
straightforward. See McAfee ePolicy Orchestrator 4.5 Product Guide for details.
The McAfee Agent file, named FramePkg.exe, has several installation switches to choose from. At a
minimum you need to tell the agent to install itself and optionally, do not show the installation GUI to
the end user using the /s switch. Following is an example of this command:
FramePkg.exe /install=agent /s
Make the agent part of your image
An installed McAfee Agent on every system in your environment ensures ePolicy Orchestrator
compliance in your organization. The best strategy for ePolicy Orchestrator compliance is to make your
systems all receive the McAfee Agent during the imaging process.
To obtain complete ePolicy Orchestrator compliance requires planning and communication with your
build team to ensure the McAfee Agent is part of every system from the beginning. That also ensures
any required McAfee product and associated policy is pulled from the McAfee ePO server by the agent
on your machines. This ensures maximum coverage and is imperative for environment security. There
are two options when making the agent part of your build process:
Option 1 — Include the agent in your Windows image before freezing or finalizing the image.
Option 2 — Run the agent executable after your image is created using a repeatable script.
Both of these options install the McAfee Agent on the managed systems. Once you have agents as
part of your imaging process they automatically call in to the McAfee ePO server within 10 minutes
and receive whatever policy and products are dictated by ePolicy Orchestrator. At this point you can
either allow your newly built machines to call into the McAfee ePO server and receive a client task to
install the proper McAfee endpoint products, or you can make the endpoint products part of your build
process and included them in the original image.
Here are some pointers to help you decided which option to use:
The initial pull of multiple McAfee endpoint products can take a lot of bandwidth. If you have
bandwidth constraints make the products part of your original image.
If your build process occurs on a network where your imaged machines do not have network
connectivity to the McAfee ePO server then make the endpoint products part of your imaging process.
It takes up to 10 minutes for the agent to call into the McAfee ePO server on the first
communication. Plus, it will take several more minutes to download, install, and update the
VirusScan Enterprise products using a client task. If timing is a concern, and you don't want to wait
15 or 20 minutes for the products to install, make the McAfee products part of your image.
Make sure you delete the agent GUID before freezing the image if you
choose option 1.
6
McAfee Agent
Deploying agents
48
McAfee
®
ePolicy Orchestrator
®
4.0 and 4.5 Best Practices Guide