View as PDF.
Contents:
1. Confirming Virus Definitions (DAT)
2. Updating and Deploying Packages
3. Updating and Deploying Software and DAT
1. Confirming that clients are using the latest DAT files
There are two methods for this task:
a. Click Menu | Reporting | Queries, select VSE: DAT Deployment in the Queries list, and then click Actions | Run.
b. Click Menu | Reporting | Dashboard and you will find the version number shown in the left top panel
.
2. Updating the Deploying Packages
2.1 Deploying update packages automatically with global updating
NOTE: Only global administrators can perform this task.
1. Click Menu | Configuration | Server Settings, select Global Updating, then click Edit at the bottom of the page.
2. On the Edit Global Updating page next to Status, select Enabled.
3. Edit the Randomization interval, if desired. The default is 20 minutes. Each client update occurs at a randomly selected time within the randomization interval, which helps distribute network load. For example, if you update 1000 clients using the default randomization interval of 20 minutes, roughly 50 clients update each minute during the interval, lowering the load on your network and on your server. Without the randomization, all 1000 clients would try to update simultaneously.
4 Next to Packages types, select which packages initiate an update. Global updating initiates an update only if new packages for the components specified here are checked in to the master repository or moved to another branch. Select these components carefully.
Signatures and engines — Select Host Intrusion Prevention Content, if needed.
NOTE: Selecting a package type determines what initiates a global update (not what is updated during the global update process). Agents receive a list of updated packages during the global update process. The agents use this list to install only updates that are needed.
5. When finished, click Save.
Once enabled, global updating initiates an update the next time you check in any of the selected packages or move them to another branch.
NOTE: Be sure to run a Pull Now task and schedule a recurring Repository Pull server task, when you are ready for the automatic updating to begin.
2.2 Checking in engine, DAT and ExtraDAT update packages manually
NOTE: This task is especially for those packages which can only be checked in manually.
NOTE: You cannot check in packages while pull or replication tasks are running.
1. Click Menu | Software | Master Repository, then click Actions | Check In Package. The Check In Package wizard opens.
2. Select the package type, then browse to and select the desired package file.
3. Click Next. The Package Options page appears.
4. Select a branch:
• Current — Use the packages without testing them first.
• Evaluation — Used to test the packages in a lab environment first.
NOTE: Once you finish testing the packages, you can move them to the Current branch by clicking Menu | Software | Master Repository.
• Previous — Use the previous version to receive the package.
5. Next to Options, select whether to:
• Move the existing package to the Previous branch — Select this option to move the existing package (of the same type that you are checking in) to the Previous branch.
6. Click Save to begin checking in the package. Wait while the package is checked in.
2.3 Checking in packages manually
NOTE: You cannot check in packages while pull or replication tasks are running.
1. Click Menu | Software | Master Repository, then click Actions | Check In Package. The Check In Package wizard opens.
2. Select the package type, then browse to and select the desired package file.
3. Click Next. The Package Options page appears.
4. Confirm or configure the following:
• Package info — Confirm this is the correct package.
• Branch — Select the desired branch. If there are requirements in your environment to test new packages before deploying them throughout the production environment, McAfee recommends using the Evaluation branch whenever checking in packages. Once you finish testing the packages, you can move them to the Current branch by clicking Menu | Software | Master Repository.
• Options — Select whether to:
• Move the existing package to the Previous branch — When selected, moves packages in the master repository from the Current branch to the Previous branch when a newer package of the same type is checked in. Available only when you select Current in Branch.
• Add this package to the global update list — Adds the package to the Distributed repository. A SuperAgent call also occurs, forcing the package to be installed on all the managed systems.
• Package signing — Specifies if the package is signed by McAfee or is third-party package.
5. Click Save to begin checking in the package. Wait while the package is checked in. The new package appears in the Packages in Master Repository list on the Master Repository tab.
3. Updating and Deploying Software and DAT
3.1 Using the Product Deployment task to deploy products to managed systems
1. Click Menu | Systems | System Tree | Client Tasks, and then select a group in the System Tree.
2. Click Actions | New Task. The Client Task Builder wizard opens.
3. Type the name of the task and add any descriptive information to the Notes field. The information you add here is visible only when you open the task at this group, or at a child group that inherits the task from this group.
4. Select Product Deployment (McAfee Agent) from the Type drop-down menu.
5. Next to Tags, select the desired platforms to which you are deploying the packages:
• Send this task to all computers.
• Send this task to only computers that have the following criteria — Use one of the edit links to configure the criteria.
6. Click Next. The Configuration page appears.
7. Next to Target platforms, select the type(s) of platform to use the deployment.
8. Next to Products and components, set the following:
• Select the desired product from the first drop-down menu. The products listed are those for which you have already checked in a package to the master repository. If you do not see the product you want to deploy listed here, you must first check in that product’s package.
• Set the Action to Install, then select the Language of the package, and the Branch.
• To specify command-line installation options, type the desired command-line options in the Command line text field. See the product documentation for information on command-line options of the product you are installing.
9. Next to Options, select if you want to run this task for every policy enforcement process (Windows only).
10. Click Next. The Schedule page appears.
11. Schedule the task as needed, then click Next. The Summary page appears.
12. Review and verify the details of the Product Deployment task, then click Save.
3.2 Updating managed systems regularly with a scheduled update task
NOTE: If you are not using global updating, this daily Update client task is recommended to ensure systems are up-to-date with the latest DAT and engine files.
1. Click Menu | Systems | System Tree | Client Tasks. Select the desired group in the System Tree where you want the task to apply, then click Actions | New Task. The Client Task Builder wizard opens.
2. On the Description page, type the name and describe the task.
3. Select Product Update from the Type drop-down list.
4. Next to Tags, select the desired platforms to which you are deploying the packages:
• Send this task to all computers
• Send this task to only computers that have the following criteria — Use one of the edit links to configure the criteria.
5. Click Next. The Configuration page appears.
6. Next to the Update in Progress Dialog Box select if you want the users to be aware an update is in process and if you want to allow them to postpone the process.
7. Next to Package types select one of the following:
• All packages.
• Selected packages — If selected, you must configure which of the following to include:
• Signatures and engines
NOTE: When configuring individual signatures and engines, if you select Engine and deselect DAT when the new engine is updated a new DAT is automatically updated to ensure complete protection.
• Patches and service packs
• Others
8. Click Next. The Schedule page appears.
9. Schedule the task as desired, then click Next. The Summary page appears.
10. Review the details of the task, then click Save.
4. References
McAfee, Inc., McAfee ePolicy Orchestrator 4.5 Product Guide, 2009
0 comments:
Post a Comment