Upload
duongdung
View
278
Download
12
Embed Size (px)
Citation preview
Installation Guide
McAfee Endpoint Security 10.5.0For use with McAfee ePolicy Orchestrator
COPYRIGHT
© 2016 Intel Corporation
TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.
2 McAfee Endpoint Security 10.5.0 Installation Guide
Contents
Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1 Product overview 7Endpoint Security modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Options for installation and upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . 8New features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8How the product works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
The role of the security management platform . . . . . . . . . . . . . . . . . . . 10Security management options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Self-management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Management with McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . 11Management with McAfee ePO Cloud . . . . . . . . . . . . . . . . . . . . . . . 13
Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2 Pre-installation 15System requirements for Endpoint Security . . . . . . . . . . . . . . . . . . . . . . . 15Other virus-detection and firewall software . . . . . . . . . . . . . . . . . . . . . . . 17Preparing to install or upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Preconfiguring the product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Create custom packages with Endpoint Security Package Designer . . . . . . . . . . . 19Install custom packages with McAfee ePO . . . . . . . . . . . . . . . . . . . . . 20Create a custom policy to import . . . . . . . . . . . . . . . . . . . . . . . . 21
Upgrading an existing version of the product . . . . . . . . . . . . . . . . . . . . . . . 22Are you ready to install? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3 Installation for systems managed with McAfee ePO and McAfee ePO Cloud 25Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Upgrade the McAfee Agent on McAfee ePO-managed systems . . . . . . . . . . . . . . . . 27Install the product files on the management server . . . . . . . . . . . . . . . . . . . . 28Download Endpoint Security content files . . . . . . . . . . . . . . . . . . . . . . . . 29Deploy to multiple systems with deployment tasks . . . . . . . . . . . . . . . . . . . . 29Install on local systems with an installation URL . . . . . . . . . . . . . . . . . . . . . 31
Install the product with default settings . . . . . . . . . . . . . . . . . . . . . . 31Install the product with custom settings . . . . . . . . . . . . . . . . . . . . . 32Install with an installation URL . . . . . . . . . . . . . . . . . . . . . . . . . 33
Verify the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Uninstall from systems managed with McAfee ePO or McAfee ePO Cloud . . . . . . . . . . . 34
4 Installation for self-managed systems 37Installation overview for self-managed systems . . . . . . . . . . . . . . . . . . . . . 37Upgrade the McAfee Agent on self-managed systems . . . . . . . . . . . . . . . . . . . 38
McAfee Endpoint Security 10.5.0 Installation Guide 3
Install with the installation wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Install from the command line . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Verify the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Uninstall from a self-managed system . . . . . . . . . . . . . . . . . . . . . . . . . 40
5 Troubleshooting and reference 43Troubleshooting installation problems . . . . . . . . . . . . . . . . . . . . . . . . . 43
Test malware detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Using the MER tool for troubleshooting . . . . . . . . . . . . . . . . . . . . . . 43
Resolving error codes and messages . . . . . . . . . . . . . . . . . . . . . . . . . . 44Using command-line options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
SetupEP command-line options (McAfee ePO and McAfee ePO Cloud deployment tasks) . . 46SetupEP command-line options (self-managed) . . . . . . . . . . . . . . . . . . 47ESConfigTool command-line options . . . . . . . . . . . . . . . . . . . . . . 50
Log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
A Adaptive Threat Protection installation 53About Adaptive Threat Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Install the product in managed environments . . . . . . . . . . . . . . . . . . . . . . 54
Using Adaptive Threat Protection on managed systems . . . . . . . . . . . . . . . 54System requirements for Adaptive Threat Protection . . . . . . . . . . . . . . . . 55Overview of Adaptive Threat Protection installation process . . . . . . . . . . . . . . 56Download and check in the components to McAfee ePO . . . . . . . . . . . . . . . 57Deploy Adaptive Threat Protection . . . . . . . . . . . . . . . . . . . . . . . . 58Verify the deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58What to do after installation . . . . . . . . . . . . . . . . . . . . . . . . . . 59Uninstall Adaptive Threat Protection . . . . . . . . . . . . . . . . . . . . . . . 59
Install the product on self-managed systems . . . . . . . . . . . . . . . . . . . . . . 60Using Adaptive Threat Protection on self-managed systems . . . . . . . . . . . . . . 60System requirements for Adaptive Threat Protection on self-managed systems . . . . . . 60Overview of Adaptive Threat Protection installation process . . . . . . . . . . . . . . 61Install Adaptive Threat Protection on the system . . . . . . . . . . . . . . . . . . 61Verify the installation on self-managed systems . . . . . . . . . . . . . . . . . . 61What to do after installation . . . . . . . . . . . . . . . . . . . . . . . . . . 62Uninstall Adaptive Threat Protection on self-managed systems . . . . . . . . . . . . 62
Index 63
Contents
4 McAfee Endpoint Security 10.5.0 Installation Guide
Preface
This guide provides the information you need to work with your McAfee product.
Contents About this guide Find product documentation
About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.
AudienceMcAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.
ConventionsThis guide uses these typographical conventions and icons.
Italic Title of a book, chapter, or topic; a new term; emphasis
Bold Text that is emphasized
Monospace Commands and other text that the user types; a code sample; a displayed message
Narrow Bold Words from the product interface like options, menus, buttons, and dialog boxes
Hypertext blue A link to a topic or to an external website
Note: Extra information to emphasize a point, remind the reader of something, orprovide an alternative method
Tip: Best practice information
Caution: Important advice to protect your computer system, software installation,network, business, or data
Warning: Critical advice to prevent bodily harm when using a hardware product
McAfee Endpoint Security 10.5.0 Installation Guide 5
Find product documentationOn the ServicePortal, you can find information about a released product, including productdocumentation, technical articles, and more.
Task1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.
2 In the Knowledge Base pane under Content Source, click Product Documentation.
3 Select a product and version, then click Search to display a list of documents.
PrefaceFind product documentation
6 McAfee Endpoint Security 10.5.0 Installation Guide
1 Product overview
McAfee®
Endpoint Security is a fully integrated security solution that protects servers, endpointcomputer systems, laptops, and tablets against a full spectrum of threats. These threats includemalware, suspicious communications, unsafe websites, and downloaded files. Endpoint Securityintercepts threats, monitors overall system health, and reports detection and status information.
The product can be installed on self-managed (standalone) systems or systems managed by thesesecurity management platforms:
• McAfee® ePolicy Orchestrator® (McAfee® ePO™) version 5.1.1 and later
• McAfee® ePolicy Orchestrator® Cloud (McAfee ePO™ Cloud)For the latest Endpoint Security management license and entitlement information, see KB87057.
Contents Endpoint Security modules Options for installation and upgrades New features How the product works Security management options Where to go from here
Endpoint Security modulesThe administrator configures and installs one or more Endpoint Security modules on client computers.
• Threat Prevention — Checks for viruses, spyware, unwanted programs, and other threats byscanning items — automatically when users access them or on demand at any time.
• Firewall — Monitors communication between the computer and resources on the network and theInternet. Intercepts suspicious communications.
• Web Control — Displays safety ratings and reports for websites during online browsing andsearching. Web Control enables the site administrator to block access to websites based on safetyrating or content.
• Adaptive Threat Protection — Analyzes content from your enterprise and decides what to dobased on file reputation, rules, and reputation thresholds.Adaptive Threat Protection is an optional Endpoint Security module. For additional threatintelligence sources and functionality, deploy the Threat Intelligence Exchange server. Forinformation, contact your reseller or sales representative.
Adaptive Threat Protection isn't supported on systems managed by McAfee ePO Cloud.
In addition, the Common module provides settings for common features, such as interface securityand logging. This module is installed automatically if any other module is installed.
1
McAfee Endpoint Security 10.5.0 Installation Guide 7
Options for installation and upgradesMcAfee Endpoint Security includes automated installation and setup processes for multiplemanagement environments.
Automated installation and deployment
Select the level of automation or customization that best suits your needs.
• Automated wizards — Install and deploy the product with preconfigured, default settings andminimal interaction during installation.
• Customized options — Use the Endpoint Security Package Designer to create custom productpackages that include preconfigured policy settings. Specify installation features, such as installingsilently.
• Single or multiple targets — Install on local systems or deploy remotely to all managed systems.
Side-by-side management and upgrades
Install, manage, and upgrade multiple product versions and operating system platforms using a singlemanagement platform.
• Inline installation — Install and manage new products side by side with previous versions.
• Management of multiple client versions and platforms — Use McAfee ePO and McAfee ePOCloud with the McAfee Agent to manage 10.0–10.5 versions of the Endpoint Security Client onWindows systems and compatible client software on Mac and Linux systems.
• Migration of custom settings — Migrate your settings from legacy products for use withEndpoint Security.
• On self-managed systems — The installation wizard preserves your settings during theupgrade process, by default. You can specify the products to upgrade.
• On McAfee ePO-managed systems — The Endpoint Migration Assistant provides twomigration paths. You can migrate all your settings automatically, or select settings to migratemanually, then configure some of them before migration if needed.
New featuresThe current release of the product includes these new features.
See the McAfee Endpoint Security Release Notes for a complete listing of new product features andenhancements in this release.
1 Product overviewOptions for installation and upgrades
8 McAfee Endpoint Security 10.5.0 Installation Guide
How the product works Endpoint Security detects, resolves, and logs information about detected threats. Client software isinstalled on each managed system to perform these tasks.
• For self-managed systems — A local system user installs the client software, customizes thefeatures, and manages detections.
• For managed systems — Typically, an administrator installs the client software, managesdetections, and sets up security rules, called policies, that determine how product features work.Depending on the policies configured by the administrator, users might be able to customize someproduct features.
The role of the client software
The client software protects systems with regular upgrades, continuous monitoring, and detailedreporting.
1 It silently monitors all file input and output, downloads, program executions, inbound and outboundcommunications, visits to websites, and other system‑related activities on managed systems, then:
• Deletes or quarantines detected viruses.
• Removes potentially unwanted programs, such as spyware or adware.
• Blocks or warns of suspicious activity, depending on product settings.
• Indicates unsafe websites with a color‑coded button or icon in the browser window or searchresults page. These indicators provide access to safety reports that detail site-specific threats.
• Blocks or warns of unsafe websites, depending on product settings.
Product overviewHow the product works 1
McAfee Endpoint Security 10.5.0 Installation Guide 9
2 It regularly connects to a local or remote McAfee ePO server or directly to a site on the Internet tocheck for:
• Updates to content files, which contain information that Endpoint Security uses to detectthreats. These files are updated as new threats are discovered to ensure that systems arealways protected against the latest threats.
• Upgrades to software components.
If new versions are available, the client software downloads them.
3 It logs security information for each managed system, including protection status and details aboutdetections. Users can view this information in the client console on self-managed systems and onmanaged systems where policy settings are configured to allow it.
4 (Managed systems only) It regularly communicates with a security management server to:
• Send logged security information.
• Receive new policy assignments.
The role of the security management platformAdministrators can use a network security management platform to manage security for all networksystems from a centralized console.
If you're an administrator using a supported security management platform, you can perform thesenetwork security tasks:
• Deploy product software to managed systems.
• Manage and enforce network security using policy assignments and automated tasks.
• Manage protection for systems running on multiple operating system platforms.
• Update the product components and required security content to ensure that managed systems aresecure.
• Create reports that display informative, user-configured charts and tables containing your networksecurity data.
Management strategies vary according to the number and location of managed systems and the waythey are used.
• Enterprise networks for industry and government typically employ a team of IT administrators tomonitor and regulate security full time.
• Smaller businesses might ask an employee to dedicate an hour or two a week to monitoringsecurity, subscribe to management software hosted on a server "in the cloud," or let individualusers manage security on their own systems.
Endpoint Security adapts to any of these environments.
1 Product overviewHow the product works
10 McAfee Endpoint Security 10.5.0 Installation Guide
Security management optionsEndpoint Security adapts to various users and settings by supporting multiple security managementoptions. Select the right type of management for your needs based on your network's resources, thenumber and location of the managed systems, and the way systems are used.
Self-managed systemsOn systems not managed with a security management platform, Endpoint Security:
• Supports desktops and laptops.
• Requires no management server or server-side components.
• Is installed on the local system by local users.
• Is configured and managed from the client console on the local system.
Managed systemsMcAfee ePO and McAfee ePO Cloud enable access to additional management features, which include amanagement server and administrative console.
Features Managed with McAfeeePO
Managed withMcAfee ePO Cloud
System support
Supported devices Servers, desktops, laptops,and tablets
Servers, desktops, andlaptops
Located on premise with the managementserver
Yes (also manages remotedevices)
No
Installation
Administrators install server-side components Yes No
Administrators can install client softwareremotely to multiple systems
Yes Yes
Users can install client software on localsystems with a URL
Yes Yes
Management
Administrator uses web-based console Yes Yes
Users use local client console (Optional) Yes Yes
Self-managementInstall and manage the product directly on a local system that is not connected to a network ormanaged from a centralized security management platform.In this case, users run the installation wizard directly on the local system. After installation iscomplete, they can manage the security settings and product features directly from the client console.For example, they can schedule scans, view reports, and check for updates as needed.
Management with McAfee ePOUse McAfee ePO to deploy and manage the product on systems located at sites with local McAfee ePOservers and at remote sites managed by those servers. In this case, one or more administratorstypically manage the server and the network systems where the product is installed.
McAfee ePO was designed for large enterprise networks, and includes new features to facilitate ease ofuse and to enhance extensibility for many network configurations.
Product overviewSecurity management options 1
McAfee Endpoint Security 10.5.0 Installation Guide 11
Managed systems follow the classic client-server model, in which they call into the management(McAfee ePO) server for instructions. (To facilitate this call, a McAfee Agent is deployed to each systemin the network. Once an agent is deployed to a system, the system can be managed by McAfee ePO,and client software for managed products can communicate with the server.)
The following figure shows how Endpoint Security integrates into a secure McAfee ePO environment.
1 The administrator sets up the McAfee ePO server-side components, then deploys the McAfee Agentto managed systems.
The McAfee ePO database stores all data about the managed systems on the network, including:
• System properties
• Policy information
• Directory structure
• Threat events (information about detections)
• All other relevant data that the server needs to keep managed systems up to date
The McAfee Agent deployed to each system facilitates:
• Policy enforcement
• Product deployments and updates
• Reporting on managed systems
2 The administrator deploys client software to managed systems.
Endpoint Security Client is the client software for Windows systems. McAfee ePO extensions forEndpoint Security can also manage supported client software installed on Mac and Linux systems.
1 Product overviewSecurity management options
12 McAfee Endpoint Security 10.5.0 Installation Guide
3 The McAfee ePO server connects to the McAfee update server to pull down the latest securitycontent.The McAfee ePO update server hosts the latest security content, so the McAfee ePO software canpull the content at scheduled intervals.
4 Agent-server secure communication (ASSC) occurs at regular intervals between the systems andthe McAfee ePO server. Then:
• McAfee ePO sends any available new policy assignments or product updates for the clientsoftware to the managed systems. This communication occurs shortly after the client software isinstalled and at regular intervals thereafter.
• The client software sends the security information it has logged to the server.
5 The administrator logs on to the McAfee ePO console to perform security management tasks, suchas running queries to report on security status or working with managed software security policies.
Management with McAfee ePO CloudUse McAfee ePO Cloud to deploy and manage the product on systems located at sites that do not havetheir own management server. In this case, McAfee hosts the server.
McAfee ePO Cloud was designed for small and medium networks that do not have a dedicated securitymanagement team or infrastructure in place. McAfee sets up the McAfee ePO Cloud server anddatabase "in the cloud," creates an account, makes products available to install on managed systems,and sends logon credentials to an account administrator.
Managed systems follow the classic client-server model, in which they call into the management(McAfee ePO Cloud) server for instructions. (To facilitate this call, a McAfee Agent is deployed to eachsystem in the network. Once an agent is deployed to a system, the system can be managed byMcAfee ePO Cloud, and client software for managed products can communicate with McAfee ePOCloud.)
The following figure shows how Endpoint Security integrates into a secure McAfee ePO Cloudenvironment.
Product overviewSecurity management options 1
McAfee Endpoint Security 10.5.0 Installation Guide 13
1 McAfee sets up the server-side components "in the cloud," including the McAfee ePO Cloud serverand database, then sends the URL and logon information to the administrator.
2 The McAfee ePO Cloud server connects to the McAfee update server to pull down the latest securitycontent.
The McAfee update server hosts the latest security content, so the McAfee ePO Cloud software canpull the content at scheduled intervals.
3 The administrator uses a browser to log on to McAfee ePO Cloud, creates an installation URL, andsends it to users along with instructions for installing the client software on their systems.
Endpoint Security Client is the client software for Windows systems. Endpoint Security server-sidecomponents can also manage supported client software installed on Mac and Linux systems.
The URL installs the McAfee Agent (if it is not already installed) and Endpoint Security Client. Thesystem communicates back to McAfee ePO Cloud and is then managed and protected by McAfeeePO Cloud.
4 Agent-server secure communication (ASSC) occurs at regular intervals between the systems andthe McAfee server. Then:
• McAfee ePO Cloud sends any available new policy assignments or product updates for the clientsoftware to the managed systems. This occurs shortly after the client software is installed andat regular intervals thereafter.
• The client software sends the security information it has logged to the server.
5 The administrator uses a browser to log on to McAfee ePO Cloud and perform security managementtasks, such as running queries to report on security status or configuring managed softwaresecurity policies.
Where to go from hereThis guide explains how to install or upgrade Endpoint Security on centrally managed andself-managed Windows systems.
To install client software for Endpoint Security for Mac or Endpoint Security for Linux, see the productdocumentation.
When you are ready to begin, follow this process.
1 Check the information in Chapter 2 to ensure that your systems and environment meet therequirements to install and run the product.
Chapter 2 also describes requirements for migrating legacy products.
2 Follow the instructions in the chapter for your management environment.
To install on systems managed with... Go to...
McAfee ePO or McAfee ePO Cloud Chapter 3
Self-management (no security management platform) Chapter 4
3 See Chapter 5 for reference or troubleshooting information.
4 (Optional) For information about installing Endpoint Security Adaptive Threat Protection, seeAppendix A, Adaptive Threat Protection installation.
1 Product overviewWhere to go from here
14 McAfee Endpoint Security 10.5.0 Installation Guide
2 Pre-installation
Your managed systems must have specific hardware and software to run McAfee Endpoint Security.Review these requirements and recommendations before installing your Endpoint Security software tomake sure that your installation is successful.
Contents System requirements for Endpoint Security Other virus-detection and firewall software Preparing to install or upgrade Preconfiguring the product Upgrading an existing version of the product Are you ready to install?
System requirements for Endpoint SecurityThis release supports deploying Endpoint Security to Windows operating systems. You can manageWindows, Mac, and Linux clients from McAfee ePO using Endpoint Security extensions.
System and hardware requirements
For a complete list of current system requirements:
• Endpoint Security — KB82761
• Endpoint Security for Mac — KB84934
• Endpoint Security for Linux — KB87073
Platforms no longer supported
• Windows Vista SP2
• Windows Server 2008
Windows 2008 R2 is supported.
Products no longer supported
McAfee Agent 5.0.1
2
McAfee Endpoint Security 10.5.0 Installation Guide 15
Supported and unsupported browsers
Product installation been verified to function correctly on these versions of popular browsers. URLinstallation requires one of these browsers and an Internet connection.
• Mozilla Firefox (versions 3.0 and later)
• Google Chrome (versions 4.0 and later)
• Microsoft Internet Explorer (versions 8, 9, 10, and 11)
• Safari, versions (7.1.x, 8.0.x, and 9.0.x) — Endpoint Security for Mac
The installation wizard works with the default security level for Internet Explorer. For other browsers,select a security level that enables Javascript. See the web browser's documentation for instructionson configuring the security level if you must change it.
Web Control
Web Control supports these browsers:
• Microsoft Internet Explorer 11
• Google Chrome — current version
Chrome doesn't support the Show Balloon option.
• Mozilla Firefox — current version
• Mozilla Firefox ESR (Extended Support Release) — current version and previous version
As Google and Mozilla release new versions frequently, Web Control might not work with a new update.A Web Control patch is released as soon as possible to support the changes from Google or Mozilla.
Web Control doesn't support Microsoft Edge.
For the latest information about browsers that Web Control supports, see KB82761.
On self-managed systems, all browsers — supported and unsupported — are allowed by default.
Supported security management platforms
If you plan to manage security for network systems, you must first set up a supported managementplatform and place the network systems under its management.
2 Pre-installationSystem requirements for Endpoint Security
16 McAfee Endpoint Security 10.5.0 Installation Guide
Managementplatform
Requirements
McAfee ePO An administrator has:• Installed McAfee ePO 5.1.1 or later. (McAfee ePO 5.3.1 or later is
recommended.)
• Deployed McAfee Agent 5.0.2.333 or later to managed systems. (McAfeeAgent 5.0.4 is recommended.)
See the McAfee ePolicy Orchestrator Installation Guide for instructions.
McAfee ePO Cloud • McAfee or another service provider has set up your account, installedserver-side components, and sent you logon credentials for McAfee ePOCloud.
• An administrator has deployed McAfee Agent 5.0.2.333 or later to managedsystems. (McAfee Agent 5.0.4 is recommended.)
For the latest Endpoint Security management license and entitlementinformation, see KB87057.
See the McAfee ePolicy Orchestrator Cloud Installation Guide for instructions.
None(self-managed)
You have installed McAfee Agent 4.0 or later on your system.
Endpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.0.4 isrecommended). Endpoint Security automatically upgrades version 4.0 and laterof the agent to a supported version during product upgrades. You can alsoupgrade the agent manually.
See also Upgrade the McAfee Agent on McAfee ePO-managed systems on page 27Upgrade the McAfee Agent on self-managed systems on page 38System requirements for Adaptive Threat Protection on page 55
Other virus-detection and firewall softwareIt is not necessary to uninstall existing virus-detection and firewall products on managed systemsbefore installing Endpoint Security. The installation wizard detects these products and resolves mostconflicts automatically.
• If the Windows firewall is enabled — The wizard disables the Windows firewall automatically toprevent conflicts.
• If incompatible virus detection or firewall software is installed — The wizard attempts touninstall the software. If it can't, it prompts the user to cancel the installation, uninstall theincompatible software manually from the Windows Control Panel, then resume the installation.Installation resumes where it left off.
See KB85522 for a list of the software products uninstalled automatically. If you have incompatiblesoftware that does not appear on this list, manually uninstall it before installing Endpoint Security.
Users might be prompted to reboot their systems after uninstalling firewall software.
Pre-installationOther virus-detection and firewall software 2
McAfee Endpoint Security 10.5.0 Installation Guide 17
• If McAfee Host Intrusion Prevention is installed — The Endpoint Security Firewall replaces theHost Intrusion Prevention Firewall, and you can also migrate your Host Intrusion PreventionFirewall settings to the new Endpoint Security Firewall. Host Intrusion Prevention (without itsfirewall module) can run side by side with the Endpoint Security Firewall.
You are not required to upgrade to Endpoint Security Firewall or migrate your settings. You cancontinue to run the McAfee Host IPS Firewall after installing Endpoint Security Firewall. WheneverMcAfee Host IPS Firewall is installed and enabled, Endpoint Security Firewall is disabled even ifenabled in the policy settings.
• If McAfee® Deep Defender™ is installed — You must remove this conflicting product manually orwith a client task before installing Endpoint Security.
Preparing to install or upgradeIdentify and resolve potential issues before installing or upgrading Endpoint Security.
• Run McAfee GetClean — Run the McAfee GetClean tool on the deployment base images for yourproduction systems to ensure that clean files are sent to McAfee® Global Threat Intelligence™
(McAfee GTI) to be categorized. This tool helps to ensure that McAfee GTI does not provide anincorrect reputation value for your files. For more information, see the McAfee GetClean ProductGuide.
• Review and revise settings for products you plan to upgrade — Review policy settings, clienttasks, and assignments, consolidating them where possible. Remove duplicates and unusedobjects.
Preconfiguring the productYou can customize settings for product features before deploying the product to managed systems.Preconfiguration enables you to meet specific requirements, for example, in environments withsecurity compliance standards. Preconfigured policy settings take effect on installation.
Overview of preconfiguration process
Use one of these methods to install Endpoint Security with preconfigured policy settings.
• For self-managed systems — Export policy settings to a file, then import them during acommand-line installation.
1 Customize policies with the settings required for your system.
2 Export the settings using ESConfigTool with command-line options.
3 Import the settings using SetupEP with command-line options.
• For McAfee ePO systems — Create a custom product package with Endpoint Security PackageDesigner, then deploy it using McAfee ePO or third-party software.
1 Customize policies with the settings required for your environment.
2 Create a custom product package that includes the preconfigured policies. The EndpointSecurity Package Designer steps you through this process.
2 Pre-installationPreparing to install or upgrade
18 McAfee Endpoint Security 10.5.0 Installation Guide
3 Check in components from the custom product package to a location accessible by yourdeployment software. For McAfee ePO, this is the Master Repository.
4 Deploy the policy settings to managed systems. Use McAfee ePO or a third-party deploymenttool.
See the Endpoint Security Help for information about the features you can configure.
Best practices
McAfee preconfigures features with default settings that protect systems in medium-riskenvironments. These settings ensure that systems can access important websites and applicationsuntil there is time to customize the settings.
When customizing product features, make sure to configure:
• Where and how managed systems get updates.
• How often and what time of day managed systems check for updates.
• Access to required websites and applications without interruption.
Create custom packages with Endpoint Security PackageDesignerThe Endpoint Security Package Designer steps you through the process of creating a productpackage .zip file that contains preconfigured custom policies.
Before you begin• You have installed Endpoint Security on managed systems. Package Designer checks to
verify that it is installed.
• You have a source package to customize, if needed, as part of this process.
• You have downloaded and installed Package Designer.
Endpoint Security Package Designer is a standalone tool (not included with Endpoint Security) that youcan download. Use this tool to create a custom package using existing Endpoint Security settings — orcustomized settings — on a client system. You can then deploy the custom package files in one ofthese ways:
• As a standalone installer
• Using McAfee ePO
• Using a third-party network deployment tool
For information about installing and using Package Designer, see KB86438.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Open the Package Designer wizard.
2 On the Select Folders screen, select the source package file and destination folder for the custompackage.
a Browse to the package you want to create.
b Browse to the folder where you want to create the package.
Pre-installationPreconfiguring the product 2
McAfee Endpoint Security 10.5.0 Installation Guide 19
c (Optional) Specify a custom name for the package. The .zip file extension is appended to the filename automatically.
d Click Next.
3 On the Modify Package screen, click Edit Settings and make changes to the settings if needed, then clickNext.
4 On the Create Package screen, review and verify your selections and the content of the custompackage, then click Create.
A progress bar displays the status of your request.
5 On the Package Completed screen, select an option:
• Open Package Location — Navigates to the folder where the package was created. From there, youcan check in the package to the Master Repository in McAfee ePO for deployment or deploy it byusing third-party software.
Best practice: Test custom packages before deploying them to your McAfee ePO environment.
• Finish — Exits the wizard.
Install custom packages with McAfee ePOUse McAfee ePO to install a custom package that you created with the Endpoint Security PackageDesigner.
Before you beginYou have created a package with custom policies and copied it to a location that isaccessible from your McAfee ePO server.
You can also use a third-party network deployment tool to deploy custom package files. See itsproduct documentation for more information.
If you migrate settings from legacy products to Endpoint Security, policies included in a custom packagetake precedence over legacy policies. In these cases, the custom policy settings are applied instead ofthe legacy settings.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Navigate to the folder where you created the custom package, then extract the files.
From the Package Designer, click Open Package Location in the Package Completed screen, or navigate tothe location manually.
2 In McAfee ePO, go to the Master Repository, then click Check In Package.
3 On the Package tab of the Check In Package screen, select the package to check in.
a For Package type, select Product or Update (.ZIP).
b For File path, click Choose File, navigate to the custom package, then click Open.
c Click Next.
4 On the Package Options tab, verify the package information and select the branch where you want toinstall the package, then click Save.
2 Pre-installationPreconfiguring the product
20 McAfee Endpoint Security 10.5.0 Installation Guide
5 Repeat steps 2–4 for each .zip file you extracted from the custom package.
6 To install the files you have checked in on managed systems, create a client deployment task.
Create a custom policy to importUse ESConfigTool to create preconfigured policy settings that you can import during productinstallation. You can then use SetupEP to install Endpoint Security with settings in place rather thanwaiting for the first policy enforcement.
Before you beginEndpoint Security is deployed to at least one managed system.
This utility exports all policy settings for your selected product modules to a location that you specify.
For example, preconfigure port exclusions to ensure that vital communications are not blocked whenFirewall is installed, or preconfigure settings required for compliance with security regulations.
ESConfigTool is located in the Endpoint Security Platform folder (C:\Program Files\McAfee\EndpointSecurity\Endpoint Security Platform, by default).
TaskFor option definitions, run ESConfigTool with no options: ESConfigTool.exe
1 Create a policy and configure the required settings, then save it.
2 Using the ESConfigTool command line, export the policy to create <file_name>.
ESConfigTool.exe /export <file_name> [/module <TP|FW|WC|ESP> ]
Save this file to a folder that is not protected by McAfee. The folder containing ESConfigTool isprotected, so the export location should be a different, writable location.
Example:
ESConfigTool.exe /export C:\ENS\firewall.policy /module FW
This example exports the Firewall policy settings to C:\ENS\firewall.policy.
3 Using the SetupEP utility, install Endpoint Security and import <file_name>.
<file_name> is the exported policy settings file created in the previous step.
setupEP.exe <options> /import <file_name> /module <FW|TP|WC|ESP>
Example:
setupEP.exe ADDLOCAL="fw,tp,wc" /import C:\ENS\firewall.policy /module FW
This example installs the McAfee®
Endpoint Security Firewall, McAfee®
Endpoint Security ThreatPrevention, and McAfee
®
Endpoint Security Web Control product modules (and Endpoint SecurityPlatform, also called the McAfee
®
Endpoint Security Common module, which installs automatically).It also imports policy settings from the firewall.policy file and applies them to the Firewall module.
See also SetupEP command-line options (self-managed) on page 47ESConfigTool command-line options on page 50
Pre-installationPreconfiguring the product 2
McAfee Endpoint Security 10.5.0 Installation Guide 21
Upgrading an existing version of the productIf a previous supported version of one or more product modules is installed currently in yourenvironment, you can upgrade to Endpoint Security. If you are upgrading legacy products, such asVirusScan Enterprise, you can also migrate your custom settings.
Upgrading Endpoint Security
Use the installation wizard to install the new Endpoint Security product modules side by side with yourexisting products. You can continue to use both product versions until you are ready to remove theolder ones.
You can use the McAfee Agent to manage versions 10.0–10.5 of Endpoint Security.
You can continue to run Endpoint Security Threat Intelligence 10.2 after upgrading to ThreatPrevention 10.5.
Upgrading to Adaptive Threat Protection
To upgrade Endpoint Security Threat Intelligence version 10.2 to Adaptive Threat Protection version10.5, you must manually upgrade after installing Endpoint Security version 10.5.
Adaptive Threat Protection requires version 10.5 of both Threat Prevention and Endpoint SecurityPlatform.
Updating to Adaptive Threat Protection is not a requirement. You can continue to run EndpointSecurity Threat Intelligence version 10.2 after upgrading to Threat Prevention version 10.5.
Best practice: To use all the newest features, install the 10.5 version of Adaptive Threat Protectionwith the 10.5 version of Endpoint Security.
Migrating or preserving legacy product settings
When you upgrade these legacy products, you can migrate (or preserve) some of your custom productsettings:
Product versions that migrate(all patch levels)
Settings that migrate
McAfee VirusScan Enterprise 8.8 • Policies — You can migrate workstation policies, server policies,or both if you have both defined.
• Client tasks
McAfee Host Intrusion PreventionFirewall 8.0
• Host IPS Catalog — Renamed Firewall Catalog in EndpointSecurity.
• Firewall and General policies
McAfee Host Intrusion Prevention8.0
• IPS Rules policy:
• Excluded Application Protection Rules
• IPS Exceptions
• Custom signatures
• McAfee-defined signatures supported by the ExploitPrevention policy
• IPS Protection policy
2 Pre-installationUpgrading an existing version of the product
22 McAfee Endpoint Security 10.5.0 Installation Guide
Product versions that migrate(all patch levels)
Settings that migrate
McAfee SiteAdvisor Enterprise 3.5 • Policies
• Client tasks
McAfee Endpoint Protection forMac 2.3McAfee VirusScan for Mac 9.8
• Anti-malware policy:
• On-access Scan
• Exclusions: On-access Scan
McAfee VirusScan Enterprise forLinux 2.0.2
• On-Access Scanning policy
• On-Demand Scanning client tasks
Best practice: Before migrating, review your legacy settings to make sure that they are up to date,then consolidate, remove duplicates, and remove unused settings, policies, and client tasks.
• On self-managed systems — The installation wizard allows you to preserve your legacy settingswhen you upgrade to Endpoint Security.
• In McAfee ePO environments — Use the Endpoint Migration Assistant to create EndpointSecurity policies based on your current legacy product settings. You can let the Migration Assistantmigrate all your settings automatically, or you can select which policies to migrate, then configurenew settings manually. The Migration Assistant also migrates client tasks and other settings. Formore information, see the McAfee Endpoint Security Migration Guide and Help.
Are you ready to install?When your environment meets the requirements specified in this chapter, you are ready to begininstallation.
These components... Meet these requirements
All systems where youwant to install the product
• Hardware components meet or exceed minimum requirements.
• Supported operating system is installed.
• Supported web browser is installed.
Managed systems only • Required agent is installed and communicating with the managementserver.
• (Upgrade) Supported version of software is installed.
Management server • Supported management platform is installed.
• (Optional) You have preconfigured policy settings for product featuresas needed.
• (Upgrade) Supported version of extension is installed.
• (Optional) Your environment meets the requirements for AdaptiveThreat Protection, and you are prepared to install and configure itscomponents.
Pre-installationAre you ready to install? 2
McAfee Endpoint Security 10.5.0 Installation Guide 23
If you plan to:
• Migrate your custom settings for legacy products in McAfee ePO environments — Checkrequirements in the McAfee Endpoint Security Migration Guide.
• Install Adaptive Threat Protection — See Appendix A, Adaptive Threat Protection installation,for information about installing and setting up the components. Adaptive Threat Protection is anoptional Endpoint Security module.
• Install compatible client software on Mac and Linux systems — See the productdocumentation for Endpoint Security for Mac and Endpoint Security for Linux.
2 Pre-installationAre you ready to install?
24 McAfee Endpoint Security 10.5.0 Installation Guide
3 Installation for systems managed withMcAfee ePO and McAfee ePO Cloud
Use this information to install the product on Windows systems managed with McAfee ePO and McAfeeePO Cloud.
Contents Installation overview Upgrade the McAfee Agent on McAfee ePO-managed systems Install the product files on the management server Download Endpoint Security content files Deploy to multiple systems with deployment tasks Install on local systems with an installation URL Verify the installation Uninstall from systems managed with McAfee ePO or McAfee ePO Cloud
Installation overviewIn McAfee ePO and McAfee ePO Cloud environments, administrators can deploy the product softwareremotely to managed systems or ask users to install it locally. For McAfee ePO, they must also installproduct software on the management server.
Management environment characteristics
The primary differences in managing the two environments are:
• McAfee ePO — Administrators install product components on the management server, then theytypically configure feature settings and deploy the client software to multiple managed systemsusing deployment tasks.
• McAfee ePO Cloud — McAfee or another service provider sets up each McAfee ePO Cloud accounton an offsite management server and notifies the local administrator when products are ready toinstall on managed systems. Local administrators then typically create and send an installation URLto users for installation on local systems.
In McAfee ePO Cloud environments, you must have administrative logon credentials for a McAfeeePO Cloud account before installing the product. McAfee or your service provider sends these to youin an email. If you have not previously activated and configured an account, see the McAfee ePOCloud product guide for instructions.
For the latest Endpoint Security management license and entitlement information, see KB87057.
3
McAfee Endpoint Security 10.5.0 Installation Guide 25
Endpoint Security supports both URL installation and deployment tasks in either environment. As anadministrator, you can choose the method that best suits your needs.
If you are installing Adaptive Threat Protection, see Appendix A, Adaptive Threat Protection installation,for additional steps. Adaptive Threat Protection is an optional Endpoint Security module.
Installation and upgrade process
Task Description McAfeeePO orMcAfeeePO Cloud
Notes
1 Ensure that all managed systems meet therequirements described in Chapter 2, Pre-installation.
Both
2 Upgrade McAfee Agent, if needed. McAfee ePO Endpoint Securityrequires McAfee Agent5.0.2.333 or later(version 5.0.4 isrecommended). Ifrunning an earlierversion, upgrade theagent manually.
3 Prepare policies as needed.• If you are migrating legacy policies — Review
and revise your settings to eliminate unused,outdated, and duplicate settings.
• If you are preconfiguring policies — Create acustom package.
McAfee ePO Only for migration orpreconfigured settings
4 Open the management console. (Open your webbrowser and log on to your account.)
Both
5 Install the product files on the McAfee ePO server. McAfee ePO
6 Manually update your McAfee ePO server with thelatest content files required for Endpoint Security:AMCore, Exploit Prevention, and (if applicable)Adaptive Threat Protection content files.
McAfee ePO
7 Migrate policies, client tasks, and other settings fromsupported legacy products.
McAfee ePO Only for migrationSee the McAfeeEndpoint SecurityMigration Guide formore information.
8 Configure policies as needed. Both Optional
3 Installation for systems managed with McAfee ePO and McAfee ePO CloudInstallation overview
26 McAfee Endpoint Security 10.5.0 Installation Guide
Task Description McAfeeePO orMcAfeeePO Cloud
Notes
9 Deploy the client software with default or customsettings to managed systems in one of these ways:• Remotely to multiple managed systems with
deployment tasks — Preferred for McAfee ePO.
• Locally on managed systems with aninstallation URL — Preferred for McAfee ePOCloud.
Best practice: Restart the managed system afterinstalling this release of the product.
Both
10 Verify that the client software is installed and up todate on all managed systems.
Both
See also Create custom packages with Endpoint Security Package Designer on page 19Preconfiguring the product on page 18
Upgrade the McAfee Agent on McAfee ePO-managed systemsEndpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.0.4 is recommended). Onmanaged systems running an earlier version, you need to upgrade the McAfee Agent manually beforedeployment.
For McAfee ePO Cloud, no action is required to upgrade McAfee Agent. The new agent is installedautomatically on managed systems from the McAfee ePO Cloud installation URL sent to users.
On Windows systems, communication is blocked between McAfee ePO and the agent when runningMcAfee Host IPS 8.0 (Patch 4 or earlier) and McAfee Agent version 5.0 (or later). See KB82869 forinstructions to resolve this issue.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Download and deploy the package.
2 Log on to McAfee ePO as administrator.
3 Select Menu | Extensions, click Install Extension, and select the EPOAGENTMETA.zip file.
4 Select Menu | Master Repository, click Check In Package, and select the MA-WIN 5.0.2 .zip file or the latestrecommended version (5.0.4).
5 Deploy the new McAfee Agent using one of these methods:
• Create a deployment task to push the new package to the client systems: Select New | ProductDeployment, then click New Deployment.
• Create and distribute a new deployment URL.
Installation for systems managed with McAfee ePO and McAfee ePO CloudUpgrade the McAfee Agent on McAfee ePO-managed systems 3
McAfee Endpoint Security 10.5.0 Installation Guide 27
When you check in the new McAfee Agent, which overwrites the previous version, anydeployment URL created with the previous version no longer works. You must create anddistribute a new URL with the new McAfee Agent.
1 Select Menu | System Tree, then select the subgroup that contains the systems to deploy to.
2 On the Agent Deployment tab, click Create Agent Deployment URL.
3 Enter the URL name, verify the agent version, then click OK.
4 Distribute the URL for new deployments.
For more information about deployment, see the McAfee ePO Help.
Install the product files on the management serverIn McAfee ePO environments only, install server-side components for Endpoint Security on the McAfeeePO server as the first step in the installation process.
Before you beginYour network security management platform must meet the requirements described inChapter 2, Pre-installation.
This task installs two types of product components on the management server:
• Product management extensions — Add Endpoint Security management features (such as queries,client tasks, and online Help) to the McAfee ePO server that enable you to manage the productfrom the console.
• Product deployment packages — Add product software files to the Master Repository. You can thendeploy them to managed systems.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 On the security management console, select Menu | Dashboards, then select Guided Configuration fromthe drop-down list.
2 On the Guided Configuration screen, click Begin.
3 Click Software Selection, then:
a Under the Software Not Checked In product category, click Licensed to display available products.
b In the Software table, select the product you want to check in. The product description and allavailable components are displayed in the table below.
c Click Check In All to check in product extensions to your McAfee ePO server, and product packagesto your Master Repository.
When installation is complete, the extensions are listed on the Extensions page and the packagesare listed in the Master Repository.
You can now deploy the product to managed systems.
3 Installation for systems managed with McAfee ePO and McAfee ePO CloudInstall the product files on the management server
28 McAfee Endpoint Security 10.5.0 Installation Guide
Download Endpoint Security content filesYou must manually update your McAfee ePO server with the latest AMCore and Exploit Preventioncontent files required for Endpoint Security.
Before you beginThe Endpoint Security packages are checked in to the Master Repository on your McAfeeePO server.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 In McAfee ePO, select Menu | Automation | Server Tasks to open the Server Task Catalog.
2 Edit the Update Master Repository server task.
3 Click the Actions tab.
4 For the Repository Pull action, ensure that the following are set:
• Source site: McAfeeHttp
• Package types: All packages
5 Click Save to save the task.
6 For the Update Master Repository server task, click Run.
The Master Repository now includes the AMCore Content Package and the Endpoint Security Exploit PreventionContent package required by Endpoint Security. See the Endpoint Security Common Help for moreinformation about content files.
Deploy to multiple systems with deployment tasksAutomated tasks simplify the processes for deploying the client software to managed systems. Thismethod deploys remotely from the security management console and does not require any userassistance.
Before you begin• The systems where you want to install the product must meet the requirements
described in Chapter 2, Pre-installation.
• In a McAfee ePO environment, you must have installed the product's server-sidecomponents on the McAfee ePO server.
• In a McAfee ePO Cloud environment, you must have administrative logon credentials fora McAfee ePO Cloud account. McAfee or your service provider sends these in an email.
Installation for systems managed with McAfee ePO and McAfee ePO CloudDownload Endpoint Security content files 3
McAfee Endpoint Security 10.5.0 Installation Guide 29
TaskYou can use two types of automated tasks to deploy product software to multiple managed systems:product deployment tasks and client tasks. Product deployment tasks are simpler to set up, and thisguide explains the process. See the McAfee ePO or McAfee ePO Cloud product guide for moreinformation about configuring and running product deployment tasks and client tasks.
1 On the security management console, select Menu | Software | Product Deployment.
2 On the Product Deployment page, click New Deployment.
3 On the New Deployment page, configure these settings, then click Save at the top of the page.
Option Description
Name andDescription
Type a name and description for this deployment.
This name appears on the Deployment page after the deployment is saved.
Type From the list, select the type of deployment.• Fixed — Deploys only to the selected systems.
• Continuous — Deploys to systems based on System Tree groups or tags. Thisoption allows these systems to change over time as they are added or removedfrom the groups or tags.
If you want to automatically install product updates when they are available,select Auto Update. This option deploys the hotfixes and patches for your productautomatically.
Package From the list, select McAfee Endpoint Security.
Language andBranch
If needed, select the Language and Branch, if not using the defaults.
Command line In the text field, specify a command line with installation options for the moduleyou are installing. These options are supported:• /INSTALLDIR="install_path" • /nocontentupdate• /l"install_log_path" • /override"hips"• /l*v"install_log_path"
Select thesystems
Click Select Systems to open the System Selection dialog box and select the systemswhere you want to deploy the client software.If needed, configure the following:• Run at every policy enforcement (Windows only)
• Allow end users to postpone this deployment (Windows only)
• Maximum number of postponements allowed
• Option to postpone expires after
• Display this text
Select a start time Select a start time or schedule for your deployment:• Run Immediately — Starts the deployment task the next time the systems check for
updates from the management server.
• Once — Opens the scheduler so you can configure the start date, time, andrandomization.
3 Installation for systems managed with McAfee ePO and McAfee ePO CloudDeploy to multiple systems with deployment tasks
30 McAfee Endpoint Security 10.5.0 Installation Guide
The Product Deployment page opens with your new project added to the list of deployments. Also, aclient task is automatically created with the deployment settings.
4 Check the status of the deployment on the Product Deployment page.
Click the deployment task in the list on the left side of the page to display its details on the rightside of the page.
See also SetupEP command-line options (McAfee ePO and McAfee ePO Cloud deployment tasks) onpage 46
Install on local systems with an installation URLTypically, McAfee ePO Cloud administrators create an installation URL that can be used to installEndpoint Security Client on managed systems.They can:
• Use this URL to install the client software locally on their own system.
• Send this URL to users with instructions for installing the client software on their local systems.
McAfee ePO also supports URL installation.
Tasks• Install the product with default settings on page 31
Create a default installation URL and use it to install the client software on systems in thedefault group.
• Install the product with custom settings on page 32Create a custom installation URL and use it to install the client software on your own localsystem or send it to end users to install the client software on their systems.
• Install with an installation URL on page 33Install the product on a local system with an installation URL.
Install the product with default settingsCreate a default installation URL and use it to install the client software on systems in the defaultgroup.
Before you begin• In a McAfee ePO environment, the product extensions must be installed on the McAfee
ePO server, and the product content must be available in the Master Repository.
• In a McAfee ePO Cloud environment, you must have administrative logon credentials fora McAfee ePO Cloud account. McAfee or your service provider sends these to you in anemail.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Open your browser and log on to McAfee ePO.
2 Select Menu | Dashboards, then select Getting Started with ePolicy Orchestrator from the drop-down list.
The product modules installed on managed systems are listed under My Products. The defaultinstallation URL appears underneath.
Installation for systems managed with McAfee ePO and McAfee ePO CloudInstall on local systems with an installation URL 3
McAfee Endpoint Security 10.5.0 Installation Guide 31
3 Install the product locally or send the URL to users to install on their systems.
On thisplatform...
Perform these steps...
McAfee ePO 1 Click the URL displayed on the page.A file containing all the product client packages downloads to your system.
2 Click Install if a web-based installation wizard doesn't open automatically.
McAfee ePOCloud
1 Select an option.
• Install Protection on This Computer — Downloads a file containing all the productclient packages downloads to the local system and installs them. Click Installif a web-based installation wizard doesn't open automatically.
• Install Protection to Other Computers — Displays the installation URL.
2 Send the URL to users.
a Copy this URL to a text file, then click OK to close the dialog box.
b Send the URL in an email message with any special instructions for installingon local systems.
Install the product with custom settingsCreate a custom installation URL and use it to install the client software on your own local system orsend it to end users to install the client software on their systems.
Before you begin• In a McAfee ePO environment, the product extensions must be installed on the McAfee
ePO server, and the product content must be available in the Master Repository.
• In a McAfee ePO Cloud environment, you must have administrative logon credentials fora McAfee ePO Cloud account. McAfee or your service provider sends these to you in anemail.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Open your browser and log on to McAfee ePO.
2 Select Menu | Dashboards, then select Getting Started with ePolicy Orchestrator from the drop-down list.
The product modules installed on managed systems are listed under My Products.
3 Create a custom installation URL.
3 Installation for systems managed with McAfee ePO and McAfee ePO CloudInstall on local systems with an installation URL
32 McAfee Endpoint Security 10.5.0 Installation Guide
On thisplatform...
Perform these steps...
McAfee ePO 1 Click Customize Installation.The Customize Software Installation page opens.
2 Configure these settings, then click Done:• Group Name — Select the default group name or enter a custom group name.
• Operating System — Select McAfee Agent for Windows.
• Software and Policies — Select McAfee Endpoint Security product modules to installand, if needed, click McAfee Default Policies and Tasks to select an alternativepreconfigured policy.
• Software is automatically updated to the latest version — Specify whether to download thelatest version of the software automatically whenever an update occurs.
A page displays installation options.
McAfee ePOCloud
1 Click Customize Installation.
2 Configure these settings, then click Done:• Group Name — Select the default group name or enter a custom group name.
• Operating System — Select McAfee Agent for Windows.
• Software and Policies — Select McAfee Endpoint Security product modules to installand, if needed, click McAfee Default Policies and Tasks to select an alternativepreconfigured policy.
• Software is automatically updated to the latest version — Specify whether to download thelatest version of the software automatically whenever an update occurs.
A page displays installation options.
4 Select an installation option.
• Install Protection on This Computer — Downloads a file containing all the product client packagesdownloads to the local system and installs them. Click Install if a web-based installation wizarddoesn't open automatically.
• Install Protection to Other Computers — Displays the installation URL.
5 Send the URL to users.
a Copy this URL to a text file, then click OK to close the dialog box.
b Send the URL in an email message with any special instructions for installing on local systems.
Install with an installation URLInstall the product on a local system with an installation URL.
Before you begin• The system where you install the product must meet the requirements described in
Chapter 2, Pre-installation.
• You must have an installation URL that you created or received from your administrator.
Installation for systems managed with McAfee ePO and McAfee ePO CloudInstall on local systems with an installation URL 3
McAfee Endpoint Security 10.5.0 Installation Guide 33
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Open a web browser window and paste in the installation URL.
2 Follow the instructions on the screen to install. If the installation does not start automatically, clickInstall.• Click Run if prompted to run or save.
• Click Run if prompted to verify the installation.
A dialog box displays the progress of the installation and indicates when it is complete. If needed, youcan click Cancel to stop the installation.
The installation log, McAfeeSmartInstall_<date>_<time>.log, is saved in <LocalTempDir>\McAfeeLogs (for example, C:\Windows\Temp\McAfeeLogs).
Verify the installationAfter deployment, verify that the client software installed and updated correctly on managed systems.After a URL installation, verify that the list of systems matches the list of users you sent theinstallation URL to.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Wait for client systems to report back to the security management platform (typically after an houror two).
2 On the security management console, select Menu | Dashboards, then select Endpoint Security: InstallationStatus for a complete listing of the managed systems where the software was installed and theirstatus.
Uninstall from systems managed with McAfee ePO or McAfeeePO Cloud
You can remove product modules from managed systems remotely from the management console orlocally at the managed system. You might do this for testing or before reinstalling the client software.
Best practice: Reinstall the client software as soon as possible. When it is uninstalled, the system isnot protected against threats.
TaskFor details about product features, usage, and best practices, click ? or Help.
• Remove the client software using one of these methods.
3 Installation for systems managed with McAfee ePO and McAfee ePO CloudVerify the installation
34 McAfee Endpoint Security 10.5.0 Installation Guide
To uninstall... Do this...
From multiplesystemsremotely
Run a product deployment task:
1 On the security management console, select Menu | Policy | Product Deployment.
2 Duplicate the task you used to install the product modules, then specify Removeas the Action.
3 After the task has completed, verify that the client software was uninstalledfrom the selected systems. Click Dashboards, then select Endpoint Security: InstallationStatus.
See the McAfee ePO or McAfee ePO Cloud product guide for more informationabout using product deployment tasks.
At the localmanagedsystem
Uninstall from the Windows Control Panel:
1 Open the Windows Control Panel, then go to the Uninstall Programs screen.
2 In the list of programs, select each product module, then click Uninstall.• McAfee Endpoint Security Adaptive Threat Protection — If Adaptive Threat Protection is
installed, you must uninstall it before uninstalling Threat Prevention.
• McAfee Endpoint Security Firewall 10.5
• McAfee Endpoint Security Threat Prevention 10.5
• McAfee Endpoint Security Web Control 10.5
• McAfee Endpoint Security Platform 10.5
Endpoint Security Platform (Common module) is uninstalled automatically withthe last product module.
3 If prompted, enter a password for each module.By default, no password is required.
Installation for systems managed with McAfee ePO and McAfee ePO CloudUninstall from systems managed with McAfee ePO or McAfee ePO Cloud 3
McAfee Endpoint Security 10.5.0 Installation Guide 35
3 Installation for systems managed with McAfee ePO and McAfee ePO CloudUninstall from systems managed with McAfee ePO or McAfee ePO Cloud
36 McAfee Endpoint Security 10.5.0 Installation Guide
4 Installation for self-managed systems
Use this information to install the product on systems that are not managed by a centralized networkmanagement tool.
Contents Installation overview for self-managed systems Upgrade the McAfee Agent on self-managed systems Install with the installation wizard Install from the command line Verify the installation Uninstall from a self-managed system
Installation overview for self-managed systemsLocal system users perform these high-level tasks to install or upgrade the product on self-managedsystems.
1 Make sure that the system meets the requirements described in Chapter 2, Pre-installation.
2 (Optional) If you are upgrading legacy products and plan to preserve your settings, review andrevise them as needed.
3 Upgrade the McAfee Agent, if needed.
Endpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.0.4 is recommended).Endpoint Security automatically upgrades version 4.0 and later of the agent to a supported versionduring product upgrades. You can also upgrade the agent manually.
4 Copy the product files to the self-managed system.
Depending on how you purchased the product, you might need to download product files from adownload site or copy them from a disc.
5 Launch the installation wizard to install or upgrade the product.
6 Verify that the client software is installed and up to date.
7 (Optional) If you upgraded from legacy products and preserved your settings, verify that thesettings were preserved.
Best practice: Restart the system after installing this release of the product.
See also Upgrading an existing version of the product on page 22
4
McAfee Endpoint Security 10.5.0 Installation Guide 37
Upgrade the McAfee Agent on self-managed systemsEndpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.0.4 is recommended). EndpointSecurity automatically upgrades version 4.0 and later of the agent to a supported version duringproduct upgrades. You can also upgrade the agent manually.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Download the McAfee Agent client package from the download site.
2 Unzip the McAfee Agent package and locate the FramePkg_Upd.exe file.
3 Right-click FramePkg_UPD.exe, then select Run as administrator.
Install with the installation wizardThe installation wizard automates much of the process for installing and upgrading the product onself-managed systems.
Before you beginThe systems where you install the product must meet the requirements described inChapter 2, Pre-installation.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Obtain your copy of the product software, then launch the installation wizard on the self-managedsystem.
For this productformat...
Perform these steps...
Download Download the Endpoint Security .zip file, unzip the contents of the file, thendouble-click setupEP.exe.
If you purchase the product online, McAfee or another provider sendsinstructions and a URL for downloading the product.
CD or DVD Insert the disc into a drive, open the contents, then double-clicksetupEP.exe.
If there is a product license number on the disc label or packaging, makesure that you have a copy for reference.
2 On the License Agreement page, click Accept.
3 Resolve any conflicts detected by the wizard.
The wizard attempts to uninstall conflicting virus-detection and firewall software productsautomatically. If it can't, it prompts you to uninstall them manually, then prompts you to reboot.
• If you reboot immediately, installation resumes after the system restarts.
• If you reboot later, run the installation wizard again at your earliest convenience.
See KB85522 for a list of the software products uninstalled automatically.
4 Installation for self-managed systemsUpgrade the McAfee Agent on self-managed systems
38 McAfee Endpoint Security 10.5.0 Installation Guide
4 On the Install Options page, select the modules to install.
Install all product modules that you purchased with their default settings, or select options tocustomize your installation.
5 If you are upgrading VirusScan Enterprise 8.8, Host Intrusion Protection 8.0, or SiteAdvisorEnterprise 3.5, select whether to preserve your settings.
6 Click Install.
A dialog box shows the progress of the installation and notifies you when it is complete. You cancancel the installation at any time, if needed.
7 Click Finish to close the wizard.
See also Other virus-detection and firewall software on page 17
Install from the command lineYou can run the installation wizard from the command line, which lets you select additional options,such as silent installation. (By default, installation is interactive.)
Before you beginThe system where you install the product must meet the requirements described inChapter 2, Pre-installation.
• For silent installation, the wizard displays no feedback. All information is available in logs.
• For interactive command-line installation, the wizard displays a progress window and allows you tocancel the installation, if needed. All information is available in logs.
Task1 Copy the product files to the self-managed system.
Depending on how you purchased the product, you might need to download product files from adownload site or copy them from a disc.
2 Open a Command Prompt window, navigate to the folder where you copied the files, then type thiscommand and any applicable parameters, which are not case-sensitive:
setupEP.exe /parameters
Type setupEP.exe /help for a complete list of command-line options for the SetupEP utility.
Best practice: Restart the system after installing this release of the product.
See also SetupEP command-line options (self-managed) on page 47
Verify the installationAfter installation is complete, verify that the modules installed successfully and the system is up todate. If you migrated settings from legacy products, verify that your settings migrated correctly.
Installation for self-managed systemsInstall from the command line 4
McAfee Endpoint Security 10.5.0 Installation Guide 39
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Open the Windows Control Panel and verify that the name of each module you selected to installappears and that version 10.5 is installed.
• McAfee Endpoint Security Firewall
• McAfee Endpoint Security Threat Prevention
• McAfee Endpoint Security Web Control
• McAfee Endpoint Security Platform
2 Open the installation log file and make sure that no errors or failure messages appear.
By default, the installation wizard installs the installation log files in the user Temp folder as %Temp%\McAfeeLogs (for example, C:\Users\username\AppData\Local\Temp\McAfeeLogs).
3 Open the Endpoint Security Client, then click Update Now to ensure that the system is up to date.
If your system is up to date, the page displays No Updates Available and the date and time of the lastupdate.
4 (Upgrade only) If you upgraded legacy products with preserved settings, check the client Settingspage for each product module to verify that legacy settings were migrated.
Uninstall from a self-managed systemYou can remove product modules on a self-managed system from the Windows Control Panel. Youmight do this for testing or before reinstalling the client software.
You can also uninstall the product modules from a command line.
Best practice: Reinstall the client software as soon as possible. When it is uninstalled, the system isnot protected against threats.
Task1 Open the Windows Control Panel, then go to the Uninstall Programs screen.
2 In the list of programs, select each product module, then click Uninstall.• McAfee Endpoint Security Adaptive Threat Protection — If Adaptive Threat Protection is installed, you must
uninstall it before uninstalling Threat Prevention.
• McAfee Endpoint Security Firewall
• McAfee Endpoint Security Threat Prevention
• McAfee Endpoint Security Web Control
• McAfee Endpoint Security Platform
Endpoint Security Platform (Common module) is uninstalled automatically with the last productmodule.
3 If prompted, enter a password for each module.
By default, no password is required.
4 Installation for self-managed systemsUninstall from a self-managed system
40 McAfee Endpoint Security 10.5.0 Installation Guide
4 Wait for the wizard to report that it has uninstalled the support components. If you do not see anotification, check the Event Log to verify that the Endpoint Security Platform was removedsuccessfully.
5 If no other protection services are installed, select McAfee Agent in the Uninstall Programs screen of theWindows Control Panel, then click Uninstall.
See also SetupEP command-line options (self-managed) on page 47
Installation for self-managed systemsUninstall from a self-managed system 4
McAfee Endpoint Security 10.5.0 Installation Guide 41
4 Installation for self-managed systemsUninstall from a self-managed system
42 McAfee Endpoint Security 10.5.0 Installation Guide
5 Troubleshooting and reference
Use this information for basic product maintenance, troubleshooting, and reference.
Contents Troubleshooting installation problems Resolving error codes and messages Using command-line options Log files
Troubleshooting installation problemsFollow troubleshooting procedures to resolve problems related to installing and uninstalling theproduct, and capture the required system information.
Test malware detectionTest the virus‑detection feature of Threat Prevention by downloading the EICAR Standard AntiVirusTest File to the local system.Although it is designed to be detected as a virus, the EICAR test file is not a virus.
Task1 Download the EICAR file from this location:
http://www.eicar.org/download/eicar.com
If installed properly, Threat Prevention interrupts the download and displays a threat detectiondialog box.
2 Click OK.
If not installed properly, Threat Prevention does not detect the virus or interrupt the downloadprocess. In this case, use Windows Explorer to delete the EICAR test file from the client computer,then reinstall the product and test the new installation.
Using the MER tool for troubleshootingThe MER (Minimum Escalation Requirements) tool collects McAfee data from Endpoint Security andother McAfee products from your computer.
McAfee support uses this data to analyze and resolve your problem.
5
McAfee Endpoint Security 10.5.0 Installation Guide 43
The information collected by the MER tool includes:
• Registry details • Event logs
• File version details • Process details
• Files
McAfee provides two versions of MER:
• WebMER runs on the client computer.
See How to use MER tools with supported McAfee products.
• MER tool for McAfee ePO uses McAfee ePO to run the MER tool on client computers.
See How to use the MER tool for McAfee ePO.
Resolving error codes and messagesError messages are displayed by programs when an unexpected condition occurs that can't be fixed bythe program itself. Use this list to find an error message, an explanation of the condition, and anyaction you can take to correct it.
Depending on how you launched the installation wizard, it displays a description of the error or anerror code.
Message Description Solution
Conflicting McAfeeproduct(s) found.
Error code: 16001The installation wizard detected one or moreconflicting McAfee products (such as DeepDefender) on the system that it can't removeautomatically.
Uninstall the conflictingproducts, then try installingagain.
Administrator rightsrequired.
Error code: 16002You must have administrator rights to run theinstallation wizard.
Log on as an administrator,then launch the installationwizard.
Invalid Package. Error code: 16006Invalid package found. Please verify that youhave a valid package.
Download a valid package file,then try installing the productagain.
Removal failed. Error code: 16007The installation wizard couldn't remove aprevious version of this product (such as abeta version) or a legacy product (such asVirusScan Enterprise or SiteAdvisorEnterprise) from the system.
Remove these productsmanually before installingEndpoint Security.Contact support if the issuepersists.
Installer failed tolaunch.
Error code: 16008The installation wizard was not able tolaunch.
Contact McAfee support.
Restart required Error code: 16015The installation wizard requires a systemrestart to continue the installation.
Restart the system to continuewith the installation.
Restart required Error code: 16016The installation wizard requires a systemrestart to complete the installation.
Restart the system to completethe installation.
5 Troubleshooting and referenceResolving error codes and messages
44 McAfee Endpoint Security 10.5.0 Installation Guide
Message Description Solution
Restart pending Error code: 16017A system restart from a previous installationor removal operation is pending.
Restart the system to continuewith the installation.
Incompatible softwareremoval failed.
Error code: 16018The installation wizard tried and failed toremove one or more incompatible softwareproducts it detected on the system.
Remove these productsmanually before installingEndpoint Security.
Installation canceled. Error code: 16020The user canceled the installation before itcompleted. The installation wizard made nochanges to the user's system.
Run the installation wizardagain.
Migration failed. Error code: 16025The installation wizard tried to migratesettings from a legacy product, but itencountered an error.
Run the installation wizardagain at a later time.
Installation failed. Error code: 16026The installation wizard was interrupted beforeit finished installing Endpoint Security. Itmade no changes to your system.
Run the installation wizardagain at a later time.
Your system is notprotected. Yourprevious securitysoftware wasuninstalled, but theinstaller was interruptedbefore McAfee EndpointSecurity was installed.Call McAfee support forassistance as soon aspossible.
Error code: 16029, 16030, 16031The installation wizard was interrupted beforeEndpoint Security was installed. Yourprevious software was uninstalled, but noother changes were made to your system.
To protect your system againstthreats, contact McAfee supportas soon as possible.
Your system is not fullyprotected. The installercould not install[product name]. CallMcAfee support forassistance.
Error code: 16032One or more Endpoint Security productmodules failed to install. Your previoussoftware was uninstalled.
To fully protect your systemagainst threats, call McAfeesupport as soon as possible.
Policy import failed. Error code: 16502The installation wizard installed EndpointSecurity successfully, but couldn't import thespecified policy.
Check that you selected theproper data to import. Contactsupport if the issue persists.
Policy import failed. Error code: 17001The installation wizard couldn't import thespecified policy.
Check that you selected theproper data to import. ContactMcAfee support if the issuepersists.
Installation failed andthen rollback failed.
Error code: 17002The installation wizard couldn't installEndpoint Security or roll back the changes itmade to the user's system.
Check the installation logs onthe system and contact McAfeesupport for assistance.
Troubleshooting and referenceResolving error codes and messages 5
McAfee Endpoint Security 10.5.0 Installation Guide 45
Message Description Solution
Installation canceledand then rollback failed.
Error code: 17003The installation was canceled before itcompleted. The installation wizard couldn'troll back the changes it made to the user'ssystem.
Check the installation logs onthe system and contact McAfeesupport for assistance.
Another installationwizard is alreadyrunning.
Error code: 1618Another installation is already in progress.
Complete that installationbefore proceeding with the newinstallation.
Installation failed. Error code: variousThe installation wizard couldn't installEndpoint Security. It made no changes to theuser's system.
See MsiExec.exe andInstMsi.exe Error Messages fordescriptions of specific errorcodes.If the issue persists, contactMcAfee support.
Using command-line optionsUse command-line options to customize product installation and uninstallation from the command line.
Supported options differ by product platform.
SetupEP command-line options (McAfee ePO and McAfee ePOCloud deployment tasks)Use these command-line options within a deployment task to install the product on systems managedwith McAfee ePO and McAfee ePO Cloud.
For each product module selected in a product deployment task, type supported options in thecorresponding Command line window. (Do not type the command, type only the options.)
Options are not case-sensitive.
Example
setupEP.exe INSTALLDIR="D:\Installed Programs" /l"D:\Installed Programs\Logs"
Installs the product files to a folder on drive D under Installed Programs and saves the installationlog files to a folder under Installed Programs\Logs.
5 Troubleshooting and referenceUsing command-line options
46 McAfee Endpoint Security 10.5.0 Installation Guide
Option Definition
INSTALLDIR="install_path" Specifies where to install the product files on the computer.
The installation wizard creates an Endpoint folder at the specifiedlocation and installs the product to this folder.
Example:INSTALLDIR="D:\Installed Programs"Installs the product modules under D:\Installed Programs\EndPoint\.
By default, product files are installed in the folder C:\windows\Temp\McAfeeLogs.
/log"install_log_path" or /l"install_log_path"/l*v"install_log_path"
• Specifies where to save the installation log files for trackinginstallation events.The installation wizard creates an Endpoint folder at thespecified location and saves the log files to this folder.
Example:/l"D:\Log Files"Installs the product log files under D:\Log Files\EndPoint\.
By default, log files are saved in the Windows System TEMPfolder C:\windows\Temp\McAfeeLogs.
• *v — Specifies verbose (more descriptive) logging entries.
/nocontentupdate Does not update product content files automatically as part of theinstallation process.Content files include the latest AMCore and Exploit Preventioncontent files required for Endpoint Security.
Best practice: Update content files to ensure that the system isfully protected. If you don't update them during installation,schedule an update as soon as possible.
/override"program_name" Overrides and uninstalls conflicting products as specified:• hips — McAfee Host Intrusion Prevention
Example:/override"hips"Uninstalls McAfee Host Intrusion Prevention automatically duringinstallation.
See also Download Endpoint Security content files on page 29Log files on page 51
SetupEP command-line options (self-managed)Use these options with the SetupEP utility to install the product from a command line.
Open a Command Prompt window, then run the SetupEP command using the appropriatecommand-line options.
Options are not case-sensitive.
Example
Troubleshooting and referenceUsing command-line options 5
McAfee Endpoint Security 10.5.0 Installation Guide 47
setupEP.exe INSTALLDIR="D:\My Programs" /l"D:\My Log Files"
Installs the product files to a folder on drive D under My Programs and saves the installation log filesto a folder under My Log Files.
Basic options
setupEP.exe ADDLOCAL="fw,tp,wc" [INSTALLDIR="install_path"][/qb][/qb!][/l*v"install_log_path"]
All options
setupEP.exe ADDLOCAL="fw,tp,wc" [INSTALLDIR="install_path"][/qb][/qb!][/l"install_log_path"][/l*v"install_log_path"] [/import <file_name>] [/module <TP|FW|WC|ESP>] [/nopreservesettings] [/override"program_name"] [/policyname <name>] [/unlock<password>]
Option Definition
ADDLOCAL="fw,tp,wc" Selects the product modules to install:
• fw — Firewall
• tp — Threat Prevention
• wc — Web Control
• fw,tp,wc — Install all three modules.
Example:ADDLOCAL="tp,wc"Installs Threat Prevention and Web Control.
INSTALLDIR="install_path" Specifies where to install the product files on the computer.
The installation wizard creates an Endpoint folder at thespecified location and installs the product to this folder.
Example:INSTALLDIR="D:\Installed Programs"Installs the product modules under D:\Installed Programs\EndPoint\.
By default, product files are installed in the folder C:\windows\Temp\McAfeeLogs.
/log"install_log_path" or /l"install_log_path"/l*v"install_log_path"
• Specifies where to save the installation log files for trackinginstallation events.The installation wizard creates an Endpoint folder at thespecified location and saves the log files to this folder.
Example:/l"D:\Log Files"Installs the product log files under D:\Log Files\EndPoint\.
By default, log files are saved in the User TEMP folder C:\users\username\AppData\Local\Temp\McAfeeLogs.
• *v — Specifies verbose (more descriptive) logging entries.
5 Troubleshooting and referenceUsing command-line options
48 McAfee Endpoint Security 10.5.0 Installation Guide
Option Definition
/qn or /quiet/qb! or /passive/qb
Specifies how the users can interact with the installation wizard:
• qn — Hide all installation notifications (silent mode). Usershave no interaction.
• qb! — Show only a progress bar without a Cancel button. Userscannot cancel the installation while it is in progress (passivemode).
• qb — Show only a progress bar with a Cancel button. Users cancancel the installation while it is in progress, if needed.
/import <file_name> Imports policy settings from the specified file.
/module <TP|FW|WC|ESP> Applies imported policy settings to the specified productmodules.• TP — Threat Prevention
• FW — Firewall
• WC — Web Control
• ESP — Resources shared by product modules.
Example:/module TP FWImports settings to Threat Prevention and Firewall.
/nocontentupdate Do not update product content files automatically as part of theinstallation process.Content files include the latest AMCore and Exploit Preventioncontent files required for Endpoint Security.
Best practice: Update content files to ensure that the systemis fully protected. If you don't update them during installation,schedule an update as soon as possible.
/nopreservesettings Do not migrate your product settings to Endpoint Security.By default, settings are preserved.
/override"program_name" Overrides and uninstalls conflicting products as specified:• hips — McAfee Host Intrusion Prevention
Example:/override"hips"Uninstalls McAfee Host Intrusion Prevention automatically duringinstallation.
/policyname <name> Assigns the specified policy to systems where the product isinstalled.
/unlock <password> Sets the password for unlocking the client UI.
See also Download Endpoint Security content files on page 29Log files on page 51Create a custom policy to import on page 21
Troubleshooting and referenceUsing command-line options 5
McAfee Endpoint Security 10.5.0 Installation Guide 49
ESConfigTool command-line optionsUse these options with the ESConfigTool utility to create a file of preconfigured policy settings thatyou can import during installation of Endpoint Security.
Open a Command Prompt window, then run the ESConfigTool command using the appropriatecommand-line options.
Options are not case-sensitive.
Example
ESConfigTool.exe /export C:\ENS\preconfigured.policy /module TP FW
Exports policy settings for Threat Prevention and Firewall to the file C:\ENS\preconfigured.policy.
Basic options
ESConfigTool.exe /export <file_name> [/module <TP|FW|WC|ESP> ] [/unlock <password> ][/plaintext ]
Option Definition
/export<file_path_and_name>
Saves policy settings to a file with the specified name and location.Example:/export C:\My Programs\Endpoint\preconfigured.policyExports settings to the file preconfigured.policy in the C:\MyPrograms\Endpoint folder.
Save this file to a folder that is not protected by McAfee. The foldercontaining ESConfigTool is protected, so the export location shouldbe a different, writable location.
/module <TP|FW|WC|ESP> Specifies which product module settings to export.• TP — Threat Prevention
• FW — Firewall
• WC — Web Control
• ESP — Resources shared by product modules.
Example:/module TP FW WC ESPExports settings for all product modules.
/unlock <password> Sets the password for unlocking the client UI.
/plaintext Specifies descriptive comments in human-readable format.
See also Create a custom policy to import on page 21
5 Troubleshooting and referenceUsing command-line options
50 McAfee Endpoint Security 10.5.0 Installation Guide
Log filesThe installation wizard tracks details about installation, uninstallation, and migration in log files thatyou can use to verify results and troubleshoot problems.
Default location of installation log files
By default, the installation wizard installs the installation log files in a TEMP folder. Use command-lineoptions to change the location for the log files.
Management platform Installation log file location
McAfee ePO Windows System TEMP folder(C:\Windows\TEMP\McAfeeLogs by default)McAfee ePO Cloud
Self-managed User TEMP folder — %Temp%\McAfeeLogs(C:\Users\username\AppData\Local\Temp\McAfeeLogs by default)
Types of log files
Check these log files for details about installation, uninstallation, and migration.
Log file name Type of information
McAfee_<module>_Install_XX.log Installation log for each product module.Example: McAfee_TP_Install_XX.log
McAfee_<Module>_Bootstrapper_XX.log Bootstrapper for each product module.
McAfee_Endpoint_BootStrapper_XX.log Bootstrapper for self-managed Master SETUPEP.
McAfee_<Module>_CustomAction_Install_XX.log MSI Custom Action for each product module.
McAfee_Endpoint_CompetitorUninstaller.log Removal of incompatible virus-protection andfirewall products.
McAfee_<Module>_UnInstall_XX.log Uninstallation log for each product module.
McAfee_<Module>_CustomAction_Uninstall_XX.log MSI Custom Action for each product module foruninstallation.
McAfee_Endpoint_Security_Migration_xxx.log Removal of legacy products.Example:McAfee_Endpoint_Security_Migration_McAfeeVirusScanEnterprise_8.8_06042015195245175.log
McAfee_<module>_Migration_Plugin.log Preserve and restore status of migrated legacysettings, per module.Example: McAfee_TP_Migration_Plugin.log
McAfee_ESP_Migration_Plugin.log Legacy settings migrated to the CommonOptions policy.
Troubleshooting and referenceLog files 5
McAfee Endpoint Security 10.5.0 Installation Guide 51
5 Troubleshooting and referenceLog files
52 McAfee Endpoint Security 10.5.0 Installation Guide
A Adaptive Threat Protection installation
Adaptive Threat Protection is an optional Endpoint Security module that analyzes content from yourenterprise and decides what to do based on file reputation, rules, and reputation thresholds.
You must manually install the components for Adaptive Threat Protection separately after EndpointSecurity installation is complete.
The Adaptive Threat Protection module is supported on Windows systems only.
Contents About Adaptive Threat Protection Install the product in managed environments Install the product on self-managed systems
About Adaptive Threat ProtectionAdaptive Threat Protection is an optional Endpoint Security module that analyzes content and decideswhat to do based on file reputation, rules, and reputation thresholds.
You can install Adaptive Threat Protection on Windows systems that are:
• Managed with McAfee ePO
• Self-managed
Adaptive Threat Protection isn't supported on systems managed by McAfee ePO Cloud.
Adaptive Threat Protection works with Endpoint Security Threat Prevention version 10.5. The ThreatPrevention and Common modules must be installed on the systems where Adaptive Threat Protectionis installed.
• McAfee ePO systems — If the product packages are checked in but not installed for these modules,they are installed automatically when you install Adaptive Threat Protection.
• Self-managed systems — If these modules are not installed, you can't install Adaptive ThreatProtection.
Content files for Adaptive Threat Protection contain rules to dynamically compute the reputation offiles and processes on the managed systems. They are updated every two months as part of theAMCore content package.
McAfee Endpoint Security 10.5.0 Installation Guide 53
Install the product in managed environmentsUse this information to install and use Endpoint Security Adaptive Threat Protection in networkenvironments managed with McAfee ePO.
Tasks
• Download and check in the components to McAfee ePO on page 57Check in the required Adaptive Threat Protection components to the McAfee ePO server. Ifyou plan to install the TIE server, you also need to download and check in the DataExchange Layer.
• Deploy Adaptive Threat Protection on page 58Deploy the Adaptive Threat Protection client package to managed systems. If you plan toinstall the TIE server, you also need to deploy the DXL Client.
• Verify the deployment on page 58After installing the Adaptive Threat Protection components, verify the deployment tomanaged systems. If you plan to install the TIE server, also verify deployment for the DataExchange Layer.
• Uninstall Adaptive Threat Protection on page 59Remove the product software from managed systems remotely from the managementconsole or locally at the managed system.
Using Adaptive Threat Protection on managed systemsYou can use McAfee ePO to configure, manage, deploy, and enforce Adaptive Threat Protectionpolicies. Once configured, you can then use queries and dashboards to monitor your environment forthreats.
Optional components
Adaptive Threat Protection can integrate with these optional components:
• TIE server — A server that stores information about file and certificate reputations, then passesthat information to other systems.
TIE server is optional. For information about the server, see the Threat Intelligence ExchangeProduct Guide.
• Data Exchange Layer — Clients and brokers that enable bidirectional communication between theAdaptive Threat Protection module on the managed system and the TIE server.
Data Exchange Layer is optional, but it is required for communication with TIE server. See McAfeeData Exchange Layer Product Guide for details.
These components are installed as McAfee ePO extensions and add several new features and reports.
How Adaptive Threat Protection works
Adaptive Threat Protection functions differently, depending on whether TIE server is deployed:
• If TIE server isn't available and the system is connected to the Internet, Adaptive Threat Protectionuses McAfee GTI for reputation decisions.
• If TIE server isn't available and the system isn't connected to the Internet, Adaptive ThreatProtection determines the file reputation using information about the local system.
• If TIE server is available, Adaptive Threat Protection uses the Data Exchange Layer framework toshare file and threat information instantly across the whole enterprise.
See the Endpoint Security Adaptive Threat Protection Help for more information.
A Adaptive Threat Protection installationInstall the product in managed environments
54 McAfee Endpoint Security 10.5.0 Installation Guide
System requirements for Adaptive Threat ProtectionAdaptive Threat Protection is supported in McAfee ePO environments that meet the requirementsdescribed in Chapter 2. Make sure that your system environment meets these additional requirementsand that you have administrator rights.
Products Components Version Notes
VMware vSphere 5.1.0 withVMWare vSphereESXi 5.1 or later
Optional. Required if deploying theTIE server.
See the McAfee Threat IntelligenceExchange Server Product Guide.
Threat IntelligenceExchange
Threat IntelligenceExchange (TIE)server
1.2 Optional. See the McAfee ThreatIntelligence Exchange Server ProductGuide.
McAfee ePO server(on-premise only)
5.1.1, 5.3
McAfee ePO productpackages (checkedin to the MasterRepository)
McAfee Agent forWindows
5.0.2.333 or later(5.0.4recommended)
Automatically checked in when youcheck in Endpoint Security to McAfeeePO.
Data ExchangeLayer Clientpackage
2.0.0 Optional. Required if deploying theTIE server.
Endpoint SecurityPlatform
10.5 Automatically checked in when youcheck in Endpoint Security to McAfeeePO.
Endpoint SecurityThreat Prevention
10.5 Automatically checked in when youcheck in Endpoint Security to McAfeeePO.
Endpoint SecurityAdaptive ThreatProtection
10.5 Separate package.
Best practice: To use all thenewest features, install the 10.5version of Adaptive ThreatProtection with the 10.5 versionof Endpoint Security.
McAfee ePO productextensions (installedin Extensions)
McAfee Agentextension
5.0.2.333 or later(5.0.4recommended)
Automatically checked in when youcheck in the Endpoint Securityproduct to McAfee ePO.
Endpoint SecurityPlatform
10.5 Automatically checked in when youcheck in the Endpoint Securityproduct to McAfee ePO.
Endpoint SecurityThreat Preventionextension
10.5 Automatically checked in when youcheck in the Endpoint Securityproduct to McAfee ePO.
Endpoint SecurityAdaptive ThreatProtectionextension
10.5 Required. Separate package.
Threat IntelligenceExchange Serverextension
1.1 Optional. Required if deploying theTIE server.
Adaptive Threat Protection installationInstall the product in managed environments A
McAfee Endpoint Security 10.5.0 Installation Guide 55
Products Components Version Notes
Products deployedto your managedsystems
McAfee Agent 5.0.2.333 or later(5.0.4recommended)
For more information about thiscomponent, see the McAfee AgentProduct Guide.
Data ExchangeLayer Clientpackage
2.0.0 Optional. Required if deploying theTIE server.
Can be deployed as part of theEndpoint Security deployment.
Endpoint SecurityPlatform
10.5 Can be deployed as part of theEndpoint Security deployment.
If you have checked in this productpackage to the Master Repositorybut not deployed it, it is deployedalong with Adaptive ThreatProtection.
Endpoint SecurityThreat Prevention
10.5 Can be deployed as part of theEndpoint Security deployment.
If you have checked in this productpackage to the Master Repositorybut not deployed it, it is deployedalong with Adaptive ThreatProtection.
Endpoint SecurityAdaptive ThreatProtection
10.2 or 10.5 Endpoint Security version 10.5supports Endpoint Security ThreatIntelligence version 10.2 or EndpointSecurity Adaptive Threat Protectionversion 10.5.
Best practice: To use all thenewest features, install the 10.5version of Adaptive ThreatProtection with the 10.5 versionof Endpoint Security.
Overview of Adaptive Threat Protection installation processComplete these tasks to install and use Adaptive Threat Protection in managed network environments.
Tasks related to the TIE server are required only when the TIE server is installed.
1 Install the Endpoint Security product files on McAfee ePO.
• At a minimum, install the Endpoint Security Threat Prevention and Endpoint Security Platformextensions. These are installed as part of the Endpoint Security bundle.
• Check in the Endpoint Security Client product deployment package to the Master Repository.
2 Download and check in the product components to McAfee ePO.
3 (Required for TIE server only.) Install the Data Exchange Layer product files on McAfee ePO.
• Install the Data Exchange Layer extension.
• Check in the Data Exchange Layer product deployment package to the Master Repository.
A Adaptive Threat Protection installationInstall the product in managed environments
56 McAfee Endpoint Security 10.5.0 Installation Guide
4 Install the Adaptive Threat Protection product files on McAfee ePO.
• Install the Adaptive Threat Protection extension.
• Check in the Adaptive Threat Protection product deployment package to the Master Repository.
5 Deploy the correct version of McAfee Agent to managed systems.
6 (Required for TIE server only.) Deploy the Data Exchange Layer package to managed systems.
7 Deploy Endpoint Security (at least Threat Prevention and Endpoint Security Platform) and AdaptiveThreat Protection to managed systems.
You can use a single deployment task for steps 6 and 7.
8 Verify the deployment.
9 (Required for TIE server only.) Install and configure the Threat Intelligence Exchange (TIE) server.See the McAfee Threat Intelligence Exchange Product Guide.
See also Install the product files on the management server on page 28Deploy to multiple systems with deployment tasks on page 29
Download and check in the components to McAfee ePOCheck in the required Adaptive Threat Protection components to the McAfee ePO server. If you plan toinstall the TIE server, you also need to download and check in the Data Exchange Layer.
Before you beginThe Endpoint Security product files (at least the Threat Prevention and Endpoint SecurityPlatform packages) are installed on the McAfee ePO server, and the Endpoint SecurityClient product deployment package is added to the Master Repository.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 In McAfee ePO, select Menu | Software | Software Manager.
2 (Required only for TIE server) Check in the McAfee Data Exchange Layer package:
a From Management Solutions, select McAfee Data Exchange Layer 2.0.
b Check in the DXL Bundle package.
3 Check in the Adaptive Threat Protection package:
a From Endpoint Security, select McAfee Endpoint Security 10.5.
b Check in the Endpoint Security Adaptive Threat Protection package.
See also Install the product files on the management server on page 28
Adaptive Threat Protection installationInstall the product in managed environments A
McAfee Endpoint Security 10.5.0 Installation Guide 57
Deploy Adaptive Threat ProtectionDeploy the Adaptive Threat Protection client package to managed systems. If you plan to install theTIE server, you also need to deploy the DXL Client.
Before you beginMcAfee Endpoint Security, including the Endpoint Security Platform and Threat Preventionmodules, is deployed to the managed system. If you have checked in the client packagesfor these modules to the McAfee ePO server, but have not deployed them, the installationwizard deploys them with Adaptive Threat Protection. The systems where you install theproduct must meet the requirements.
If Endpoint Security Threat Intelligence version 10.2 is installed, it is removed automatically duringthis installation process.
See the McAfee ePO Help for details about deploying software.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 In McAfee ePO, select Menu | Software | Product Deployment, then click New Deployment.
2 Complete the new deployment information, being sure to deploy the packages in this order:
1 Data Exchange Layer Client — Required only if you plan to install the TIE server.
2 Endpoint Security Adaptive Threat Protection
3 Start the deployment.
See also System requirements for Adaptive Threat Protection on page 55System requirements for Endpoint Security on page 15Deploy to multiple systems with deployment tasks on page 29
Verify the deploymentAfter installing the Adaptive Threat Protection components, verify the deployment to managedsystems. If you plan to install the TIE server, also verify deployment for the Data Exchange Layer.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 In the System Tree, click the group or system name, then click the Products tab.
2 Verify that the following components are listed:
• McAfee Endpoint Security Platform
• McAfee Endpoint Security Threat Prevention
• McAfee DXL Client — Required only if you plan to install the TIE server.
• McAfee Endpoint Security Adaptive Threat Protection
A Adaptive Threat Protection installationInstall the product in managed environments
58 McAfee Endpoint Security 10.5.0 Installation Guide
What to do after installationWhen you have finished installing Adaptive Threat Protection, you need to set up the product.
See the Endpoint Security Adaptive Threat Protection Help for information about:
• Using Adaptive Threat Protection to detect and respond to threats in your environment
• Accessing Adaptive Threat Protection reports in McAfee ePO
For additional threat intelligence sources and functionality, you can also deploy the Threat IntelligenceExchange server. See the McAfee Threat Intelligence Exchange Product Guide for information aboutinstalling and configuring the optional server.
Uninstall Adaptive Threat ProtectionRemove the product software from managed systems remotely from the management console orlocally at the managed system.
You can continue to use Endpoint Security after uninstalling Adaptive Threat Protection. To uninstallEndpoint Security product modules, complete this task, then follow the instructions for uninstallingEndpoint Security.
TaskFor details about product features, usage, and best practices, click ? or Help.
• Remove the client software using one of these methods.
To uninstall... Do this...
From multiplesystemsremotely
1 On the security management console, select Menu | Policy | Product Deployment.
2 Duplicate the deployment task you used to install Adaptive Threat Protection,then specify Remove as the Action.If you also selected Threat Prevention and Endpoint Security Platform(Common) in the original deployment task, they will be uninstalled.
3 Verify that the client software was uninstalled from the selected systems.Click Dashboards, then select Endpoint Security: Installation Status.
See the McAfee ePO product guide for more information about using productdeployment tasks.
From the localmanaged system
1 Open the Windows Control Panel, then go to the Uninstall Programs screen.
2 In the list of programs, select McAfee Endpoint Security Adaptive Threat Protection, thenclick Uninstall.
3 If prompted, enter a password.By default, no password is required.
You must uninstall Adaptive Threat Protection before uninstalling ThreatPrevention.
See also Uninstall from systems managed with McAfee ePO or McAfee ePO Cloud on page 34
Adaptive Threat Protection installationInstall the product in managed environments A
McAfee Endpoint Security 10.5.0 Installation Guide 59
Install the product on self-managed systemsUse this information to install and use Endpoint Security Adaptive Threat Protection on self-managedsystems.
Tasks• Install Adaptive Threat Protection on the system on page 61
Install the product software on a self-managed system after installing version 10.5 ofMcAfee Endpoint Security.
• Verify the installation on self-managed systems on page 61After installing Adaptive Threat Protection, verify the installation.
• Uninstall Adaptive Threat Protection on self-managed systems on page 62Remove the product software on a self-managed system from the Windows Control Panel.
Using Adaptive Threat Protection on self-managed systemsOn self-managed systems, the Endpoint Security Adaptive Threat Protection module allows you tocreate rules for blocking and allowing a file or certificate based on its reputation, containing files withDynamic Application Containment, and using Real Protect.
Adaptive Threat Protection protects systems even when they're not connected to the internet.
• If the system is connected to the Internet, Adaptive Threat Protection uses McAfee GTI forreputation decisions.
• If the system isn't connected to the Internet, Adaptive Threat Protection determines the filereputation using information on the local system.
See the Endpoint Security Adaptive Threat Protection Help for more information.
System requirements for Adaptive Threat Protection on self-managed systemsAdaptive Threat Protection is supported on self-managed systems that meet the requirementsdescribed in Chapter 2. Make sure that your system also meets these additional requirements and thatyou have administrator rights.
Components Version Notes
McAfee Agent 5.0.2.333 or later(5.0.4 recommended)
The install wizard automatically upgrades version4.0 and later of the agent to a supported versionduring Endpoint Security upgrades. You can alsoupgrade the agent manually.
Endpoint SecurityPlatform
10.5 Can be installed as part of the Endpoint Securitybundle.
Endpoint Security ThreatPrevention
10.5 Can be installed as part of the Endpoint Securitybundle.
Endpoint SecurityAdaptive ThreatProtection
10.5
A Adaptive Threat Protection installationInstall the product on self-managed systems
60 McAfee Endpoint Security 10.5.0 Installation Guide
Overview of Adaptive Threat Protection installation processComplete these tasks to install and use Adaptive Threat Protection on self-managed systems.
1 Install the correct version of McAfee Agent.
2 Install Endpoint Security components (at least Threat Prevention and Endpoint Security Platform).
3 Install Adaptive Threat Protection.
4 Verify the deployment.
5 Set up and verify that the features are working correctly.
Install Adaptive Threat Protection on the systemInstall the product software on a self-managed system after installing version 10.5 of McAfee EndpointSecurity.
Before you beginMcAfee Endpoint Security version 10.5, including the Endpoint Security Platform and ThreatPrevention modules, is installed on the system. The systems where you install the productmust meet the requirements.
If Endpoint Security Threat Intelligence version 10.2 is installed, it is removed automatically duringthis installation process.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Download the Adaptive Threat Protection .zip file to the self-managed system.
If you purchase the product online, McAfee or another provider sends instructions and a URL fordownloading the product.
2 Unzip the contents of the file, then double-click setupatp.exe.
See also System requirements for Adaptive Threat Protection on self-managed systems on page 60
Verify the installation on self-managed systemsAfter installing Adaptive Threat Protection, verify the installation.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Open the Windows Control Panel, then go to the Uninstall Programs screen.
2 In the list of programs, verify that these products appear.
• McAfee Endpoint Security Platform
• McAfee Endpoint Security Threat Prevention
• McAfee Endpoint Security Adaptive Threat Protection
Adaptive Threat Protection installationInstall the product on self-managed systems A
McAfee Endpoint Security 10.5.0 Installation Guide 61
What to do after installationWhen you have finished installing Adaptive Threat Protection on the self-managed system, make surethat it is working as expected.
1 If proxies are configured in your environment, update the McAfee GTI proxy settings in theCommon module.
2 Check the About box to confirm that Adaptive Threat Protection reports McAfee GTI connectivity.Without McAfee GTI connectivity, detections might be reduced.
3 Select the appropriate rule group based on your needs. See the Endpoint Security Adaptive ThreatProtection Help for more information.
4 Configure Dynamic Application Containment. Configure exclusions, specify the trigger threshold,and set rules to block. See the Endpoint Security Adaptive Threat Protection Help for moreinformation.
Best practice: By default, Dynamic Application Containment rules are set to report only. Forinformation about Dynamic Application Containment rules, including best practices for when to set arule to report or block, see KB87843.
Uninstall Adaptive Threat Protection on self-managed systemsRemove the product software on a self-managed system from the Windows Control Panel.
You can continue to use Endpoint Security after uninstalling Adaptive Threat Protection. To uninstallEndpoint Security product modules, complete this task, then follow the instructions for uninstallingEndpoint Security.
TaskFor details about product features, usage, and best practices, click ? or Help.
1 Open the Windows Control Panel, then go to the Uninstall Programs screen.
2 In the list of programs, select McAfee Endpoint Security Adaptive Threat Protection, then click Uninstall.
3 If prompted, enter a password.
By default, no password is required.
4 Wait for the wizard to report that it has uninstalled the product. If you do not see a notification,check the Event Log to verify that the product was removed successfully.
See also Uninstall from a self-managed system on page 40
A Adaptive Threat Protection installationInstall the product on self-managed systems
62 McAfee Endpoint Security 10.5.0 Installation Guide
Index
Aabout this guide 5Adaptive Threat Protection
about 7and Data Exchange Layer Client 54
and Threat Prevention 53
content files 53
description 53
documentation 59
Adaptive Threat Protection, McAfee ePO systemsafter the installation 59
checking in components 57
content files, updates 29
deploying 58
how product works 54
installation overview 56
optional components 54
system requirements 55
uninstalling 59
verifying the deployment 58
Adaptive Threat Protection, self-managed systemsafter the installation 62
best practices 62
how product works 60
installation overview 61
installing 61
system requirements 60
uninstalling 62
verifying the installation 61
AMCore content files, updates 29
Bbest practices
Adaptive Threat Protection, observe mode 62
before installing and upgrading 18
customizing product settings 18
preparing to migrate legacy policies 22
rebooting after installation 25, 37
reinstalling client software 34, 40
running McAfee GetClean tool 18
testing custom packages 19
updating content files during installation 46, 47
version to install, Adaptive Threat Protection 55, 60
browser requirements 15
Cclient software
how it works 9installing, McAfee ePO Cloud systems 33
installing, McAfee ePO systems 29, 33
installing, self-managed systems 38, 39
Linux 14
Macintosh 14
requirements 15
testing threat prevention 43
uninstalling 34, 40
command-line installationESConfigTool utility, command-line options 50
McAfee ePO Cloud systems 29
McAfee ePO systems 29
self-managed systems 39
SetupEP utility, command-line options 46, 47
Common module, Endpoint Security Client 7compatibility
Deep Defender 17
firewalls 17
Host Intrusion Prevention 17, 27
McAfee Agent 22, 27
previous product versions 22
conflicting software 17
content files 53
content files, updates 29
conventions and icons used in this guide 5custom product packages, See preconfiguration of product
features
DData Exchange Layer
deploying 58
verifying the deployment 58
Data Exchange Layer Clientand Threat Prevention 54
installation overview 56
Deep Defender, compatibility 17
deploymentAdaptive Threat Protection 58
Data Exchange Layer client 58
McAfee Endpoint Security 10.5.0 Installation Guide 63
deployment (continued)McAfee ePO Cloud systems, product deployment task 29
McAfee ePO Cloud systems, URL 31–33
McAfee ePO systems, product deployment task 29
McAfee ePO systems, URL 31–33
documentationAdaptive Threat Protection 59
audience for this guide 5product-specific, finding 6Threat Intelligence 62
typographical conventions and icons 5Dynamic Application Containment 60, 62
EEICAR test virus 43
Endpoint Security for Linux, system requirements 15
Endpoint Security for Mac, system requirements 15
Endpoint Security Package Designerbest practices 18
creating custom packages 19
installing custom packages 20
Endpoint Security Platform, uninstalling 34, 40
error codes and messages 44
ESConfigTool utilitycommand-line options 50
exporting custom policy for installation 21
Exploit Prevention content files, updates 29
FFirewall
about 7firewalls, compatibility 17
GGetClean tool 18
HHost Intrusion Prevention
compatibility 17
McAfee Agent and 27
Iimport, custom policy during installation 21
installationbrowser requirements 15
checklist 23
conflicting software 17
creating custom policy to import 21
creating preconfigured custom packages 19
error codes and messages 44
log files, Endpoint Security 51
preconfigured custom packages 20
preconfiguring the product 18
installation (continued)requirements 15
security management platform requirements 15
Threat Intelligence Exchange server, overview 56
upgrading the product 22
installation, Adaptive Threat Protectionafter the installation, McAfee ePO systems 59
after the installation, self-managed systems 62
checking in components, McAfee ePO systems 57
deploying to McAfee ePO systems 58
installing on self-managed systems 61
overview, McAfee ePO systems 56
overview, self-managed systems 61
requirements, McAfee ePO systems 55
requirements, self-managed systems 60
verifying the deployment, McAfee ePO systems 58
verifying the installation, self-managed systems 61
installation, McAfee ePO Cloud systemscommand-line options 46
creating installation URL 31, 32
installing with URL 33
overview 25
product deployment task 29
sending installation URL 31, 32
verification 34
installation, McAfee ePO systemscommand-line options 46
creating installation URL 31, 32
installing on security management server 28
installing with URL 33
overview 25
product deployment task 29
sending installation URL 31, 32
verification 34
installation, self-managed systemscommand-line options 47
installing with command line 39
overview 37
verification 39
wizard 38
Llegacy products
compatibility 22
migrating settings, overview 8, 22
upgrades, self-managed systems 38
upgrading, overview 8, 22
license information, McAfee ePO Cloud systems 25
Linux supportclient software 14
requirements 15
log filesEndpoint Security, installation 51
Index
64 McAfee Endpoint Security 10.5.0 Installation Guide
MMacintosh support
client software 14
requirements 15
management platforms, See security management platforms management server, See security management server McAfee Agent
Host Intrusion Prevention, compatibility 27
installation requirements, Adaptive Threat Protection 55, 60
installation requirements, all platforms 15
upgrading, McAfee ePO Cloud systems 27
upgrading, McAfee ePO systems 27
upgrading, self-managed systems 38
McAfee ePO Cloud systemscommand-line options 46
creating installation URL 31, 32
creating product deployment task 29
installation overview 25
installing with command line 29
installing with URL 33
license information 25
security management platform overview 13
sending installation URL 31, 32
uninstalling the product 34
upgrading McAfee Agent 27
verifying installation 34
McAfee ePO systemsAdaptive Threat Protection and 53
command-line options 46
creating installation URL 31, 32
creating product deployment task 29
installation overview 25
installing on security management server 28
installing with command line 29
installing with URL 33
preconfigured settings 19, 20
security management platform overview 11
sending installation URL 31, 32
updating content files 29
upgrading McAfee Agent 27
verifying installation 34
McAfee ePO systems, uninstallation 34
McAfee GTI 18, 54, 60, 62
McAfee ServicePortal, accessing 6MER tool, troubleshooting 43
migrationcompatible legacy products 22
custom policies and 20
log files 51
self-managed systems, See upgradesmodules
about Endpoint Security 7
Nnon-Microsoft browsers 15
Ooperating systems, supported
Adaptive Threat Protection 55, 60
Endpoint Security 15
Ppolicies
migrating, best practice 22
migrating, overview 8, 22
migrating, precedence 20
preconfiguring 18–21
preconfiguration of product featuresbest practices 18
creating custom packages 19
creating custom policy to import 21
installing custom packages 20
migration and 20
overview 18
preserved settings, self-managed systems 37–39
product deployment taskMcAfee ePO Cloud systems 29
McAfee ePO systems 29
RReal Protect 60, 62
remove, See uninstallation requirements
Adaptive Threat Protection, McAfee ePO systems 55
Adaptive Threat Protection, self-managed systems 60
browser 15
Linux systems 15
Macintosh systems 15
McAfee Agent 15
security management platforms 15
Windows systems 15
Ssecurity level, browser 15
security management platformsMcAfee ePO Cloud, overview 13
McAfee ePO, overview 11
options 11
overview 10
requirements 15
self-managed systemsAdaptive Threat Protection and 60
command-line options 47, 50
installation, command line 39
installation, overview 37
installation, wizard 38
Index
McAfee Endpoint Security 10.5.0 Installation Guide 65
self-managed systems (continued)preconfigured settings 18, 21
preserved settings 37
uninstalling the product 40
upgrades, overview 37
upgrading McAfee Agent 38
upgrading product 38
verifying installation 39
verifying preserved settings 39
serversserver-side installation, McAfee ePO 28
supported operating systems, Endpoint Security 15
ServicePortal, finding product documentation 6Setup utility, See SetupEP utility or SetupATP utility SetupATP utility 61
SetupEP utilitycommand-line options 46, 47
using, McAfee ePO Cloud systems 29
using, McAfee ePO systems 29
using, self-managed systems 39
silent installationMcAfee ePO Cloud systems 29
McAfee ePO systems 29
self-managed systems 39
SetupEP utility, command-line options 46, 47
standalone systems, See self-managed systems system requirements, See requirements
Ttechnical support, finding product information 6Threat Intelligence
documentation 62
Threat Intelligence Exchange server 54–56
Threat Preventionabout 7and Adaptive Threat Protection 53
threat prevention, test 43
TIE server, See Threat Intelligence Exchange server tools
ESConfigTool 21
MER and WebMER 43
troubleshootingerror codes and messages, Endpoint Security 44
using the MER tools 43
viewing log files, Endpoint Security 51
Uuninstallation
conflicting software 17
uninstallation (continued)Endpoint Security Platform 34, 40
log files, Endpoint Security 51
McAfee ePO Cloud systems 34
McAfee ePO systems 34
self-managed systems 40
uninstallation, Adaptive Threat ProtectionMcAfee ePO systems 59
self-managed systems 62
unmanaged systems, See self-managed systems updates, content files 29
upgradesEndpoint Security, overview 8, 22
legacy products, overview 8, 22
McAfee Agent, McAfee ePO Cloud systems 27
McAfee Agent, McAfee ePO systems 27
McAfee Agent, self-managed systems 38
overview, McAfee ePO Cloud systems 25
overview, McAfee ePO systems 25
overview, self-managed systems 37
verifying, McAfee ePO Cloud systems 34
verifying, McAfee ePO systems 34
verifying, self-managed systems 39
wizard, self-managed systems 38
URL installationMcAfee ePO Cloud systems 31–33
McAfee ePO systems 31–33
utilitiesESConfigTool 21, 50
SetupATP 61
SetupEP 46, 47
Vverification, installation
Adaptive Threat Protection, McAfee ePO systems 58
Adaptive Threat Protection, self-managed systems 61
McAfee ePO Cloud systems 34
McAfee ePO systems 34
self-managed systems 39
virus protection, test 43
WWeb Control
about 7WebMER tool, troubleshooting 43
Windows firewall 17
Windows support, requirements 15
Index
66 McAfee Endpoint Security 10.5.0 Installation Guide
0-00