67
Installation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Embed Size (px)

Citation preview

Page 1: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Installation Guide

McAfee Endpoint Security 10.5.0For use with McAfee ePolicy Orchestrator

Page 2: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

COPYRIGHT

© 2016 Intel Corporation

TRADEMARK ATTRIBUTIONSIntel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence,McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfeeTotal Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries.Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee Endpoint Security 10.5.0 Installation Guide

Page 3: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Contents

Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Product overview 7Endpoint Security modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Options for installation and upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . 8New features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8How the product works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

The role of the security management platform . . . . . . . . . . . . . . . . . . . 10Security management options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Self-management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Management with McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . 11Management with McAfee ePO Cloud . . . . . . . . . . . . . . . . . . . . . . . 13

Where to go from here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2 Pre-installation 15System requirements for Endpoint Security . . . . . . . . . . . . . . . . . . . . . . . 15Other virus-detection and firewall software . . . . . . . . . . . . . . . . . . . . . . . 17Preparing to install or upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Preconfiguring the product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Create custom packages with Endpoint Security Package Designer . . . . . . . . . . . 19Install custom packages with McAfee ePO . . . . . . . . . . . . . . . . . . . . . 20Create a custom policy to import . . . . . . . . . . . . . . . . . . . . . . . . 21

Upgrading an existing version of the product . . . . . . . . . . . . . . . . . . . . . . . 22Are you ready to install? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3 Installation for systems managed with McAfee ePO and McAfee ePO Cloud 25Installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Upgrade the McAfee Agent on McAfee ePO-managed systems . . . . . . . . . . . . . . . . 27Install the product files on the management server . . . . . . . . . . . . . . . . . . . . 28Download Endpoint Security content files . . . . . . . . . . . . . . . . . . . . . . . . 29Deploy to multiple systems with deployment tasks . . . . . . . . . . . . . . . . . . . . 29Install on local systems with an installation URL . . . . . . . . . . . . . . . . . . . . . 31

Install the product with default settings . . . . . . . . . . . . . . . . . . . . . . 31Install the product with custom settings . . . . . . . . . . . . . . . . . . . . . 32Install with an installation URL . . . . . . . . . . . . . . . . . . . . . . . . . 33

Verify the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Uninstall from systems managed with McAfee ePO or McAfee ePO Cloud . . . . . . . . . . . 34

4 Installation for self-managed systems 37Installation overview for self-managed systems . . . . . . . . . . . . . . . . . . . . . 37Upgrade the McAfee Agent on self-managed systems . . . . . . . . . . . . . . . . . . . 38

McAfee Endpoint Security 10.5.0 Installation Guide 3

Page 4: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Install with the installation wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Install from the command line . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Verify the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Uninstall from a self-managed system . . . . . . . . . . . . . . . . . . . . . . . . . 40

5 Troubleshooting and reference 43Troubleshooting installation problems . . . . . . . . . . . . . . . . . . . . . . . . . 43

Test malware detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Using the MER tool for troubleshooting . . . . . . . . . . . . . . . . . . . . . . 43

Resolving error codes and messages . . . . . . . . . . . . . . . . . . . . . . . . . . 44Using command-line options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

SetupEP command-line options (McAfee ePO and McAfee ePO Cloud deployment tasks) . . 46SetupEP command-line options (self-managed) . . . . . . . . . . . . . . . . . . 47ESConfigTool command-line options . . . . . . . . . . . . . . . . . . . . . . 50

Log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

A Adaptive Threat Protection installation 53About Adaptive Threat Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Install the product in managed environments . . . . . . . . . . . . . . . . . . . . . . 54

Using Adaptive Threat Protection on managed systems . . . . . . . . . . . . . . . 54System requirements for Adaptive Threat Protection . . . . . . . . . . . . . . . . 55Overview of Adaptive Threat Protection installation process . . . . . . . . . . . . . . 56Download and check in the components to McAfee ePO . . . . . . . . . . . . . . . 57Deploy Adaptive Threat Protection . . . . . . . . . . . . . . . . . . . . . . . . 58Verify the deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58What to do after installation . . . . . . . . . . . . . . . . . . . . . . . . . . 59Uninstall Adaptive Threat Protection . . . . . . . . . . . . . . . . . . . . . . . 59

Install the product on self-managed systems . . . . . . . . . . . . . . . . . . . . . . 60Using Adaptive Threat Protection on self-managed systems . . . . . . . . . . . . . . 60System requirements for Adaptive Threat Protection on self-managed systems . . . . . . 60Overview of Adaptive Threat Protection installation process . . . . . . . . . . . . . . 61Install Adaptive Threat Protection on the system . . . . . . . . . . . . . . . . . . 61Verify the installation on self-managed systems . . . . . . . . . . . . . . . . . . 61What to do after installation . . . . . . . . . . . . . . . . . . . . . . . . . . 62Uninstall Adaptive Threat Protection on self-managed systems . . . . . . . . . . . . 62

Index 63

Contents

4 McAfee Endpoint Security 10.5.0 Installation Guide

Page 5: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Preface

This guide provides the information you need to work with your McAfee product.

Contents About this guide Find product documentation

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

ConventionsThis guide uses these typographical conventions and icons.

Italic Title of a book, chapter, or topic; a new term; emphasis

Bold Text that is emphasized

Monospace Commands and other text that the user types; a code sample; a displayed message

Narrow Bold Words from the product interface like options, menus, buttons, and dialog boxes

Hypertext blue A link to a topic or to an external website

Note: Extra information to emphasize a point, remind the reader of something, orprovide an alternative method

Tip: Best practice information

Caution: Important advice to protect your computer system, software installation,network, business, or data

Warning: Critical advice to prevent bodily harm when using a hardware product

McAfee Endpoint Security 10.5.0 Installation Guide 5

Page 6: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Find product documentationOn the ServicePortal, you can find information about a released product, including productdocumentation, technical articles, and more.

Task1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

2 In the Knowledge Base pane under Content Source, click Product Documentation.

3 Select a product and version, then click Search to display a list of documents.

PrefaceFind product documentation

6 McAfee Endpoint Security 10.5.0 Installation Guide

Page 7: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

1 Product overview

McAfee®

Endpoint Security is a fully integrated security solution that protects servers, endpointcomputer systems, laptops, and tablets against a full spectrum of threats. These threats includemalware, suspicious communications, unsafe websites, and downloaded files. Endpoint Securityintercepts threats, monitors overall system health, and reports detection and status information.

The product can be installed on self-managed (standalone) systems or systems managed by thesesecurity management platforms:

• McAfee® ePolicy Orchestrator® (McAfee® ePO™) version 5.1.1 and later

• McAfee® ePolicy Orchestrator® Cloud (McAfee ePO™ Cloud)For the latest Endpoint Security management license and entitlement information, see KB87057.

Contents Endpoint Security modules Options for installation and upgrades New features How the product works Security management options Where to go from here

Endpoint Security modulesThe administrator configures and installs one or more Endpoint Security modules on client computers.

• Threat Prevention — Checks for viruses, spyware, unwanted programs, and other threats byscanning items — automatically when users access them or on demand at any time.

• Firewall — Monitors communication between the computer and resources on the network and theInternet. Intercepts suspicious communications.

• Web Control — Displays safety ratings and reports for websites during online browsing andsearching. Web Control enables the site administrator to block access to websites based on safetyrating or content.

• Adaptive Threat Protection — Analyzes content from your enterprise and decides what to dobased on file reputation, rules, and reputation thresholds.Adaptive Threat Protection is an optional Endpoint Security module. For additional threatintelligence sources and functionality, deploy the Threat Intelligence Exchange server. Forinformation, contact your reseller or sales representative.

Adaptive Threat Protection isn't supported on systems managed by McAfee ePO Cloud.

In addition, the Common module provides settings for common features, such as interface securityand logging. This module is installed automatically if any other module is installed.

1

McAfee Endpoint Security 10.5.0 Installation Guide 7

Page 8: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Options for installation and upgradesMcAfee Endpoint Security includes automated installation and setup processes for multiplemanagement environments.

Automated installation and deployment

Select the level of automation or customization that best suits your needs.

• Automated wizards — Install and deploy the product with preconfigured, default settings andminimal interaction during installation.

• Customized options — Use the Endpoint Security Package Designer to create custom productpackages that include preconfigured policy settings. Specify installation features, such as installingsilently.

• Single or multiple targets — Install on local systems or deploy remotely to all managed systems.

Side-by-side management and upgrades

Install, manage, and upgrade multiple product versions and operating system platforms using a singlemanagement platform.

• Inline installation — Install and manage new products side by side with previous versions.

• Management of multiple client versions and platforms — Use McAfee ePO and McAfee ePOCloud with the McAfee Agent to manage 10.0–10.5 versions of the Endpoint Security Client onWindows systems and compatible client software on Mac and Linux systems.

• Migration of custom settings — Migrate your settings from legacy products for use withEndpoint Security.

• On self-managed systems — The installation wizard preserves your settings during theupgrade process, by default. You can specify the products to upgrade.

• On McAfee ePO-managed systems — The Endpoint Migration Assistant provides twomigration paths. You can migrate all your settings automatically, or select settings to migratemanually, then configure some of them before migration if needed.

New featuresThe current release of the product includes these new features.

See the McAfee Endpoint Security Release Notes for a complete listing of new product features andenhancements in this release.

1 Product overviewOptions for installation and upgrades

8 McAfee Endpoint Security 10.5.0 Installation Guide

Page 9: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

How the product works Endpoint Security detects, resolves, and logs information about detected threats. Client software isinstalled on each managed system to perform these tasks.

• For self-managed systems — A local system user installs the client software, customizes thefeatures, and manages detections.

• For managed systems — Typically, an administrator installs the client software, managesdetections, and sets up security rules, called policies, that determine how product features work.Depending on the policies configured by the administrator, users might be able to customize someproduct features.

The role of the client software

The client software protects systems with regular upgrades, continuous monitoring, and detailedreporting.

1 It silently monitors all file input and output, downloads, program executions, inbound and outboundcommunications, visits to websites, and other system‑related activities on managed systems, then:

• Deletes or quarantines detected viruses.

• Removes potentially unwanted programs, such as spyware or adware.

• Blocks or warns of suspicious activity, depending on product settings.

• Indicates unsafe websites with a color‑coded button or icon in the browser window or searchresults page. These indicators provide access to safety reports that detail site-specific threats.

• Blocks or warns of unsafe websites, depending on product settings.

Product overviewHow the product works 1

McAfee Endpoint Security 10.5.0 Installation Guide 9

Page 10: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

2 It regularly connects to a local or remote McAfee ePO server or directly to a site on the Internet tocheck for:

• Updates to content files, which contain information that Endpoint Security uses to detectthreats. These files are updated as new threats are discovered to ensure that systems arealways protected against the latest threats.

• Upgrades to software components.

If new versions are available, the client software downloads them.

3 It logs security information for each managed system, including protection status and details aboutdetections. Users can view this information in the client console on self-managed systems and onmanaged systems where policy settings are configured to allow it.

4 (Managed systems only) It regularly communicates with a security management server to:

• Send logged security information.

• Receive new policy assignments.

The role of the security management platformAdministrators can use a network security management platform to manage security for all networksystems from a centralized console.

If you're an administrator using a supported security management platform, you can perform thesenetwork security tasks:

• Deploy product software to managed systems.

• Manage and enforce network security using policy assignments and automated tasks.

• Manage protection for systems running on multiple operating system platforms.

• Update the product components and required security content to ensure that managed systems aresecure.

• Create reports that display informative, user-configured charts and tables containing your networksecurity data.

Management strategies vary according to the number and location of managed systems and the waythey are used.

• Enterprise networks for industry and government typically employ a team of IT administrators tomonitor and regulate security full time.

• Smaller businesses might ask an employee to dedicate an hour or two a week to monitoringsecurity, subscribe to management software hosted on a server "in the cloud," or let individualusers manage security on their own systems.

Endpoint Security adapts to any of these environments.

1 Product overviewHow the product works

10 McAfee Endpoint Security 10.5.0 Installation Guide

Page 11: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Security management optionsEndpoint Security adapts to various users and settings by supporting multiple security managementoptions. Select the right type of management for your needs based on your network's resources, thenumber and location of the managed systems, and the way systems are used.

Self-managed systemsOn systems not managed with a security management platform, Endpoint Security:

• Supports desktops and laptops.

• Requires no management server or server-side components.

• Is installed on the local system by local users.

• Is configured and managed from the client console on the local system.

Managed systemsMcAfee ePO and McAfee ePO Cloud enable access to additional management features, which include amanagement server and administrative console.

Features Managed with McAfeeePO

Managed withMcAfee ePO Cloud

System support

Supported devices Servers, desktops, laptops,and tablets

Servers, desktops, andlaptops

Located on premise with the managementserver

Yes (also manages remotedevices)

No

Installation

Administrators install server-side components Yes No

Administrators can install client softwareremotely to multiple systems

Yes Yes

Users can install client software on localsystems with a URL

Yes Yes

Management

Administrator uses web-based console Yes Yes

Users use local client console (Optional) Yes Yes

Self-managementInstall and manage the product directly on a local system that is not connected to a network ormanaged from a centralized security management platform.In this case, users run the installation wizard directly on the local system. After installation iscomplete, they can manage the security settings and product features directly from the client console.For example, they can schedule scans, view reports, and check for updates as needed.

Management with McAfee ePOUse McAfee ePO to deploy and manage the product on systems located at sites with local McAfee ePOservers and at remote sites managed by those servers. In this case, one or more administratorstypically manage the server and the network systems where the product is installed.

McAfee ePO was designed for large enterprise networks, and includes new features to facilitate ease ofuse and to enhance extensibility for many network configurations.

Product overviewSecurity management options 1

McAfee Endpoint Security 10.5.0 Installation Guide 11

Page 12: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Managed systems follow the classic client-server model, in which they call into the management(McAfee ePO) server for instructions. (To facilitate this call, a McAfee Agent is deployed to each systemin the network. Once an agent is deployed to a system, the system can be managed by McAfee ePO,and client software for managed products can communicate with the server.)

The following figure shows how Endpoint Security integrates into a secure McAfee ePO environment.

1 The administrator sets up the McAfee ePO server-side components, then deploys the McAfee Agentto managed systems.

The McAfee ePO database stores all data about the managed systems on the network, including:

• System properties

• Policy information

• Directory structure

• Threat events (information about detections)

• All other relevant data that the server needs to keep managed systems up to date

The McAfee Agent deployed to each system facilitates:

• Policy enforcement

• Product deployments and updates

• Reporting on managed systems

2 The administrator deploys client software to managed systems.

Endpoint Security Client is the client software for Windows systems. McAfee ePO extensions forEndpoint Security can also manage supported client software installed on Mac and Linux systems.

1 Product overviewSecurity management options

12 McAfee Endpoint Security 10.5.0 Installation Guide

Page 13: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

3 The McAfee ePO server connects to the McAfee update server to pull down the latest securitycontent.The McAfee ePO update server hosts the latest security content, so the McAfee ePO software canpull the content at scheduled intervals.

4 Agent-server secure communication (ASSC) occurs at regular intervals between the systems andthe McAfee ePO server. Then:

• McAfee ePO sends any available new policy assignments or product updates for the clientsoftware to the managed systems. This communication occurs shortly after the client software isinstalled and at regular intervals thereafter.

• The client software sends the security information it has logged to the server.

5 The administrator logs on to the McAfee ePO console to perform security management tasks, suchas running queries to report on security status or working with managed software security policies.

Management with McAfee ePO CloudUse McAfee ePO Cloud to deploy and manage the product on systems located at sites that do not havetheir own management server. In this case, McAfee hosts the server.

McAfee ePO Cloud was designed for small and medium networks that do not have a dedicated securitymanagement team or infrastructure in place. McAfee sets up the McAfee ePO Cloud server anddatabase "in the cloud," creates an account, makes products available to install on managed systems,and sends logon credentials to an account administrator.

Managed systems follow the classic client-server model, in which they call into the management(McAfee ePO Cloud) server for instructions. (To facilitate this call, a McAfee Agent is deployed to eachsystem in the network. Once an agent is deployed to a system, the system can be managed byMcAfee ePO Cloud, and client software for managed products can communicate with McAfee ePOCloud.)

The following figure shows how Endpoint Security integrates into a secure McAfee ePO Cloudenvironment.

Product overviewSecurity management options 1

McAfee Endpoint Security 10.5.0 Installation Guide 13

Page 14: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

1 McAfee sets up the server-side components "in the cloud," including the McAfee ePO Cloud serverand database, then sends the URL and logon information to the administrator.

2 The McAfee ePO Cloud server connects to the McAfee update server to pull down the latest securitycontent.

The McAfee update server hosts the latest security content, so the McAfee ePO Cloud software canpull the content at scheduled intervals.

3 The administrator uses a browser to log on to McAfee ePO Cloud, creates an installation URL, andsends it to users along with instructions for installing the client software on their systems.

Endpoint Security Client is the client software for Windows systems. Endpoint Security server-sidecomponents can also manage supported client software installed on Mac and Linux systems.

The URL installs the McAfee Agent (if it is not already installed) and Endpoint Security Client. Thesystem communicates back to McAfee ePO Cloud and is then managed and protected by McAfeeePO Cloud.

4 Agent-server secure communication (ASSC) occurs at regular intervals between the systems andthe McAfee server. Then:

• McAfee ePO Cloud sends any available new policy assignments or product updates for the clientsoftware to the managed systems. This occurs shortly after the client software is installed andat regular intervals thereafter.

• The client software sends the security information it has logged to the server.

5 The administrator uses a browser to log on to McAfee ePO Cloud and perform security managementtasks, such as running queries to report on security status or configuring managed softwaresecurity policies.

Where to go from hereThis guide explains how to install or upgrade Endpoint Security on centrally managed andself-managed Windows systems.

To install client software for Endpoint Security for Mac or Endpoint Security for Linux, see the productdocumentation.

When you are ready to begin, follow this process.

1 Check the information in Chapter 2 to ensure that your systems and environment meet therequirements to install and run the product.

Chapter 2 also describes requirements for migrating legacy products.

2 Follow the instructions in the chapter for your management environment.

To install on systems managed with... Go to...

McAfee ePO or McAfee ePO Cloud Chapter 3

Self-management (no security management platform) Chapter 4

3 See Chapter 5 for reference or troubleshooting information.

4 (Optional) For information about installing Endpoint Security Adaptive Threat Protection, seeAppendix A, Adaptive Threat Protection installation.

1 Product overviewWhere to go from here

14 McAfee Endpoint Security 10.5.0 Installation Guide

Page 15: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

2 Pre-installation

Your managed systems must have specific hardware and software to run McAfee Endpoint Security.Review these requirements and recommendations before installing your Endpoint Security software tomake sure that your installation is successful.

Contents System requirements for Endpoint Security Other virus-detection and firewall software Preparing to install or upgrade Preconfiguring the product Upgrading an existing version of the product Are you ready to install?

System requirements for Endpoint SecurityThis release supports deploying Endpoint Security to Windows operating systems. You can manageWindows, Mac, and Linux clients from McAfee ePO using Endpoint Security extensions.

System and hardware requirements

For a complete list of current system requirements:

• Endpoint Security — KB82761

• Endpoint Security for Mac — KB84934

• Endpoint Security for Linux — KB87073

Platforms no longer supported

• Windows Vista SP2

• Windows Server 2008

Windows 2008 R2 is supported.

Products no longer supported

McAfee Agent 5.0.1

2

McAfee Endpoint Security 10.5.0 Installation Guide 15

Page 16: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Supported and unsupported browsers

Product installation been verified to function correctly on these versions of popular browsers. URLinstallation requires one of these browsers and an Internet connection.

• Mozilla Firefox (versions 3.0 and later)

• Google Chrome (versions 4.0 and later)

• Microsoft Internet Explorer (versions 8, 9, 10, and 11)

• Safari, versions (7.1.x, 8.0.x, and 9.0.x) — Endpoint Security for Mac

The installation wizard works with the default security level for Internet Explorer. For other browsers,select a security level that enables Javascript. See the web browser's documentation for instructionson configuring the security level if you must change it.

Web Control

Web Control supports these browsers:

• Microsoft Internet Explorer 11

• Google Chrome — current version

Chrome doesn't support the Show Balloon option.

• Mozilla Firefox — current version

• Mozilla Firefox ESR (Extended Support Release) — current version and previous version

As Google and Mozilla release new versions frequently, Web Control might not work with a new update.A Web Control patch is released as soon as possible to support the changes from Google or Mozilla.

Web Control doesn't support Microsoft Edge.

For the latest information about browsers that Web Control supports, see KB82761.

On self-managed systems, all browsers — supported and unsupported — are allowed by default.

Supported security management platforms

If you plan to manage security for network systems, you must first set up a supported managementplatform and place the network systems under its management.

2 Pre-installationSystem requirements for Endpoint Security

16 McAfee Endpoint Security 10.5.0 Installation Guide

Page 17: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Managementplatform

Requirements

McAfee ePO An administrator has:• Installed McAfee ePO 5.1.1 or later. (McAfee ePO 5.3.1 or later is

recommended.)

• Deployed McAfee Agent 5.0.2.333 or later to managed systems. (McAfeeAgent 5.0.4 is recommended.)

See the McAfee ePolicy Orchestrator Installation Guide for instructions.

McAfee ePO Cloud • McAfee or another service provider has set up your account, installedserver-side components, and sent you logon credentials for McAfee ePOCloud.

• An administrator has deployed McAfee Agent 5.0.2.333 or later to managedsystems. (McAfee Agent 5.0.4 is recommended.)

For the latest Endpoint Security management license and entitlementinformation, see KB87057.

See the McAfee ePolicy Orchestrator Cloud Installation Guide for instructions.

None(self-managed)

You have installed McAfee Agent 4.0 or later on your system.

Endpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.0.4 isrecommended). Endpoint Security automatically upgrades version 4.0 and laterof the agent to a supported version during product upgrades. You can alsoupgrade the agent manually.

See also Upgrade the McAfee Agent on McAfee ePO-managed systems on page 27Upgrade the McAfee Agent on self-managed systems on page 38System requirements for Adaptive Threat Protection on page 55

Other virus-detection and firewall softwareIt is not necessary to uninstall existing virus-detection and firewall products on managed systemsbefore installing Endpoint Security. The installation wizard detects these products and resolves mostconflicts automatically.

• If the Windows firewall is enabled — The wizard disables the Windows firewall automatically toprevent conflicts.

• If incompatible virus detection or firewall software is installed — The wizard attempts touninstall the software. If it can't, it prompts the user to cancel the installation, uninstall theincompatible software manually from the Windows Control Panel, then resume the installation.Installation resumes where it left off.

See KB85522 for a list of the software products uninstalled automatically. If you have incompatiblesoftware that does not appear on this list, manually uninstall it before installing Endpoint Security.

Users might be prompted to reboot their systems after uninstalling firewall software.

Pre-installationOther virus-detection and firewall software 2

McAfee Endpoint Security 10.5.0 Installation Guide 17

Page 18: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

• If McAfee Host Intrusion Prevention is installed — The Endpoint Security Firewall replaces theHost Intrusion Prevention Firewall, and you can also migrate your Host Intrusion PreventionFirewall settings to the new Endpoint Security Firewall. Host Intrusion Prevention (without itsfirewall module) can run side by side with the Endpoint Security Firewall.

You are not required to upgrade to Endpoint Security Firewall or migrate your settings. You cancontinue to run the McAfee Host IPS Firewall after installing Endpoint Security Firewall. WheneverMcAfee Host IPS Firewall is installed and enabled, Endpoint Security Firewall is disabled even ifenabled in the policy settings.

• If McAfee® Deep Defender™ is installed — You must remove this conflicting product manually orwith a client task before installing Endpoint Security.

Preparing to install or upgradeIdentify and resolve potential issues before installing or upgrading Endpoint Security.

• Run McAfee GetClean — Run the McAfee GetClean tool on the deployment base images for yourproduction systems to ensure that clean files are sent to McAfee® Global Threat Intelligence™

(McAfee GTI) to be categorized. This tool helps to ensure that McAfee GTI does not provide anincorrect reputation value for your files. For more information, see the McAfee GetClean ProductGuide.

• Review and revise settings for products you plan to upgrade — Review policy settings, clienttasks, and assignments, consolidating them where possible. Remove duplicates and unusedobjects.

Preconfiguring the productYou can customize settings for product features before deploying the product to managed systems.Preconfiguration enables you to meet specific requirements, for example, in environments withsecurity compliance standards. Preconfigured policy settings take effect on installation.

Overview of preconfiguration process

Use one of these methods to install Endpoint Security with preconfigured policy settings.

• For self-managed systems — Export policy settings to a file, then import them during acommand-line installation.

1 Customize policies with the settings required for your system.

2 Export the settings using ESConfigTool with command-line options.

3 Import the settings using SetupEP with command-line options.

• For McAfee ePO systems — Create a custom product package with Endpoint Security PackageDesigner, then deploy it using McAfee ePO or third-party software.

1 Customize policies with the settings required for your environment.

2 Create a custom product package that includes the preconfigured policies. The EndpointSecurity Package Designer steps you through this process.

2 Pre-installationPreparing to install or upgrade

18 McAfee Endpoint Security 10.5.0 Installation Guide

Page 19: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

3 Check in components from the custom product package to a location accessible by yourdeployment software. For McAfee ePO, this is the Master Repository.

4 Deploy the policy settings to managed systems. Use McAfee ePO or a third-party deploymenttool.

See the Endpoint Security Help for information about the features you can configure.

Best practices

McAfee preconfigures features with default settings that protect systems in medium-riskenvironments. These settings ensure that systems can access important websites and applicationsuntil there is time to customize the settings.

When customizing product features, make sure to configure:

• Where and how managed systems get updates.

• How often and what time of day managed systems check for updates.

• Access to required websites and applications without interruption.

Create custom packages with Endpoint Security PackageDesignerThe Endpoint Security Package Designer steps you through the process of creating a productpackage .zip file that contains preconfigured custom policies.

Before you begin• You have installed Endpoint Security on managed systems. Package Designer checks to

verify that it is installed.

• You have a source package to customize, if needed, as part of this process.

• You have downloaded and installed Package Designer.

Endpoint Security Package Designer is a standalone tool (not included with Endpoint Security) that youcan download. Use this tool to create a custom package using existing Endpoint Security settings — orcustomized settings — on a client system. You can then deploy the custom package files in one ofthese ways:

• As a standalone installer

• Using McAfee ePO

• Using a third-party network deployment tool

For information about installing and using Package Designer, see KB86438.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Open the Package Designer wizard.

2 On the Select Folders screen, select the source package file and destination folder for the custompackage.

a Browse to the package you want to create.

b Browse to the folder where you want to create the package.

Pre-installationPreconfiguring the product 2

McAfee Endpoint Security 10.5.0 Installation Guide 19

Page 20: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

c (Optional) Specify a custom name for the package. The .zip file extension is appended to the filename automatically.

d Click Next.

3 On the Modify Package screen, click Edit Settings and make changes to the settings if needed, then clickNext.

4 On the Create Package screen, review and verify your selections and the content of the custompackage, then click Create.

A progress bar displays the status of your request.

5 On the Package Completed screen, select an option:

• Open Package Location — Navigates to the folder where the package was created. From there, youcan check in the package to the Master Repository in McAfee ePO for deployment or deploy it byusing third-party software.

Best practice: Test custom packages before deploying them to your McAfee ePO environment.

• Finish — Exits the wizard.

Install custom packages with McAfee ePOUse McAfee ePO to install a custom package that you created with the Endpoint Security PackageDesigner.

Before you beginYou have created a package with custom policies and copied it to a location that isaccessible from your McAfee ePO server.

You can also use a third-party network deployment tool to deploy custom package files. See itsproduct documentation for more information.

If you migrate settings from legacy products to Endpoint Security, policies included in a custom packagetake precedence over legacy policies. In these cases, the custom policy settings are applied instead ofthe legacy settings.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Navigate to the folder where you created the custom package, then extract the files.

From the Package Designer, click Open Package Location in the Package Completed screen, or navigate tothe location manually.

2 In McAfee ePO, go to the Master Repository, then click Check In Package.

3 On the Package tab of the Check In Package screen, select the package to check in.

a For Package type, select Product or Update (.ZIP).

b For File path, click Choose File, navigate to the custom package, then click Open.

c Click Next.

4 On the Package Options tab, verify the package information and select the branch where you want toinstall the package, then click Save.

2 Pre-installationPreconfiguring the product

20 McAfee Endpoint Security 10.5.0 Installation Guide

Page 21: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

5 Repeat steps 2–4 for each .zip file you extracted from the custom package.

6 To install the files you have checked in on managed systems, create a client deployment task.

Create a custom policy to importUse ESConfigTool to create preconfigured policy settings that you can import during productinstallation. You can then use SetupEP to install Endpoint Security with settings in place rather thanwaiting for the first policy enforcement.

Before you beginEndpoint Security is deployed to at least one managed system.

This utility exports all policy settings for your selected product modules to a location that you specify.

For example, preconfigure port exclusions to ensure that vital communications are not blocked whenFirewall is installed, or preconfigure settings required for compliance with security regulations.

ESConfigTool is located in the Endpoint Security Platform folder (C:\Program Files\McAfee\EndpointSecurity\Endpoint Security Platform, by default).

TaskFor option definitions, run ESConfigTool with no options: ESConfigTool.exe

1 Create a policy and configure the required settings, then save it.

2 Using the ESConfigTool command line, export the policy to create <file_name>.

ESConfigTool.exe /export <file_name> [/module <TP|FW|WC|ESP> ]

Save this file to a folder that is not protected by McAfee. The folder containing ESConfigTool isprotected, so the export location should be a different, writable location.

Example:

ESConfigTool.exe /export C:\ENS\firewall.policy /module FW

This example exports the Firewall policy settings to C:\ENS\firewall.policy.

3 Using the SetupEP utility, install Endpoint Security and import <file_name>.

<file_name> is the exported policy settings file created in the previous step.

setupEP.exe <options> /import <file_name> /module <FW|TP|WC|ESP>

Example:

setupEP.exe ADDLOCAL="fw,tp,wc" /import C:\ENS\firewall.policy /module FW

This example installs the McAfee®

Endpoint Security Firewall, McAfee®

Endpoint Security ThreatPrevention, and McAfee

®

Endpoint Security Web Control product modules (and Endpoint SecurityPlatform, also called the McAfee

®

Endpoint Security Common module, which installs automatically).It also imports policy settings from the firewall.policy file and applies them to the Firewall module.

See also SetupEP command-line options (self-managed) on page 47ESConfigTool command-line options on page 50

Pre-installationPreconfiguring the product 2

McAfee Endpoint Security 10.5.0 Installation Guide 21

Page 22: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Upgrading an existing version of the productIf a previous supported version of one or more product modules is installed currently in yourenvironment, you can upgrade to Endpoint Security. If you are upgrading legacy products, such asVirusScan Enterprise, you can also migrate your custom settings.

Upgrading Endpoint Security

Use the installation wizard to install the new Endpoint Security product modules side by side with yourexisting products. You can continue to use both product versions until you are ready to remove theolder ones.

You can use the McAfee Agent to manage versions 10.0–10.5 of Endpoint Security.

You can continue to run Endpoint Security Threat Intelligence 10.2 after upgrading to ThreatPrevention 10.5.

Upgrading to Adaptive Threat Protection

To upgrade Endpoint Security Threat Intelligence version 10.2 to Adaptive Threat Protection version10.5, you must manually upgrade after installing Endpoint Security version 10.5.

Adaptive Threat Protection requires version 10.5 of both Threat Prevention and Endpoint SecurityPlatform.

Updating to Adaptive Threat Protection is not a requirement. You can continue to run EndpointSecurity Threat Intelligence version 10.2 after upgrading to Threat Prevention version 10.5.

Best practice: To use all the newest features, install the 10.5 version of Adaptive Threat Protectionwith the 10.5 version of Endpoint Security.

Migrating or preserving legacy product settings

When you upgrade these legacy products, you can migrate (or preserve) some of your custom productsettings:

Product versions that migrate(all patch levels)

Settings that migrate

McAfee VirusScan Enterprise 8.8 • Policies — You can migrate workstation policies, server policies,or both if you have both defined.

• Client tasks

McAfee Host Intrusion PreventionFirewall 8.0

• Host IPS Catalog — Renamed Firewall Catalog in EndpointSecurity.

• Firewall and General policies

McAfee Host Intrusion Prevention8.0

• IPS Rules policy:

• Excluded Application Protection Rules

• IPS Exceptions

• Custom signatures

• McAfee-defined signatures supported by the ExploitPrevention policy

• IPS Protection policy

2 Pre-installationUpgrading an existing version of the product

22 McAfee Endpoint Security 10.5.0 Installation Guide

Page 23: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Product versions that migrate(all patch levels)

Settings that migrate

McAfee SiteAdvisor Enterprise 3.5 • Policies

• Client tasks

McAfee Endpoint Protection forMac 2.3McAfee VirusScan for Mac 9.8

• Anti-malware policy:

• On-access Scan

• Exclusions: On-access Scan

McAfee VirusScan Enterprise forLinux 2.0.2

• On-Access Scanning policy

• On-Demand Scanning client tasks

Best practice: Before migrating, review your legacy settings to make sure that they are up to date,then consolidate, remove duplicates, and remove unused settings, policies, and client tasks.

• On self-managed systems — The installation wizard allows you to preserve your legacy settingswhen you upgrade to Endpoint Security.

• In McAfee ePO environments — Use the Endpoint Migration Assistant to create EndpointSecurity policies based on your current legacy product settings. You can let the Migration Assistantmigrate all your settings automatically, or you can select which policies to migrate, then configurenew settings manually. The Migration Assistant also migrates client tasks and other settings. Formore information, see the McAfee Endpoint Security Migration Guide and Help.

Are you ready to install?When your environment meets the requirements specified in this chapter, you are ready to begininstallation.

These components... Meet these requirements

All systems where youwant to install the product

• Hardware components meet or exceed minimum requirements.

• Supported operating system is installed.

• Supported web browser is installed.

Managed systems only • Required agent is installed and communicating with the managementserver.

• (Upgrade) Supported version of software is installed.

Management server • Supported management platform is installed.

• (Optional) You have preconfigured policy settings for product featuresas needed.

• (Upgrade) Supported version of extension is installed.

• (Optional) Your environment meets the requirements for AdaptiveThreat Protection, and you are prepared to install and configure itscomponents.

Pre-installationAre you ready to install? 2

McAfee Endpoint Security 10.5.0 Installation Guide 23

Page 24: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

If you plan to:

• Migrate your custom settings for legacy products in McAfee ePO environments — Checkrequirements in the McAfee Endpoint Security Migration Guide.

• Install Adaptive Threat Protection — See Appendix A, Adaptive Threat Protection installation,for information about installing and setting up the components. Adaptive Threat Protection is anoptional Endpoint Security module.

• Install compatible client software on Mac and Linux systems — See the productdocumentation for Endpoint Security for Mac and Endpoint Security for Linux.

2 Pre-installationAre you ready to install?

24 McAfee Endpoint Security 10.5.0 Installation Guide

Page 25: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

3 Installation for systems managed withMcAfee ePO and McAfee ePO Cloud

Use this information to install the product on Windows systems managed with McAfee ePO and McAfeeePO Cloud.

Contents Installation overview Upgrade the McAfee Agent on McAfee ePO-managed systems Install the product files on the management server Download Endpoint Security content files Deploy to multiple systems with deployment tasks Install on local systems with an installation URL Verify the installation Uninstall from systems managed with McAfee ePO or McAfee ePO Cloud

Installation overviewIn McAfee ePO and McAfee ePO Cloud environments, administrators can deploy the product softwareremotely to managed systems or ask users to install it locally. For McAfee ePO, they must also installproduct software on the management server.

Management environment characteristics

The primary differences in managing the two environments are:

• McAfee ePO — Administrators install product components on the management server, then theytypically configure feature settings and deploy the client software to multiple managed systemsusing deployment tasks.

• McAfee ePO Cloud — McAfee or another service provider sets up each McAfee ePO Cloud accounton an offsite management server and notifies the local administrator when products are ready toinstall on managed systems. Local administrators then typically create and send an installation URLto users for installation on local systems.

In McAfee ePO Cloud environments, you must have administrative logon credentials for a McAfeeePO Cloud account before installing the product. McAfee or your service provider sends these to youin an email. If you have not previously activated and configured an account, see the McAfee ePOCloud product guide for instructions.

For the latest Endpoint Security management license and entitlement information, see KB87057.

3

McAfee Endpoint Security 10.5.0 Installation Guide 25

Page 26: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Endpoint Security supports both URL installation and deployment tasks in either environment. As anadministrator, you can choose the method that best suits your needs.

If you are installing Adaptive Threat Protection, see Appendix A, Adaptive Threat Protection installation,for additional steps. Adaptive Threat Protection is an optional Endpoint Security module.

Installation and upgrade process

Task Description McAfeeePO orMcAfeeePO Cloud

Notes

1 Ensure that all managed systems meet therequirements described in Chapter 2, Pre-installation.

Both

2 Upgrade McAfee Agent, if needed. McAfee ePO Endpoint Securityrequires McAfee Agent5.0.2.333 or later(version 5.0.4 isrecommended). Ifrunning an earlierversion, upgrade theagent manually.

3 Prepare policies as needed.• If you are migrating legacy policies — Review

and revise your settings to eliminate unused,outdated, and duplicate settings.

• If you are preconfiguring policies — Create acustom package.

McAfee ePO Only for migration orpreconfigured settings

4 Open the management console. (Open your webbrowser and log on to your account.)

Both

5 Install the product files on the McAfee ePO server. McAfee ePO

6 Manually update your McAfee ePO server with thelatest content files required for Endpoint Security:AMCore, Exploit Prevention, and (if applicable)Adaptive Threat Protection content files.

McAfee ePO

7 Migrate policies, client tasks, and other settings fromsupported legacy products.

McAfee ePO Only for migrationSee the McAfeeEndpoint SecurityMigration Guide formore information.

8 Configure policies as needed. Both Optional

3 Installation for systems managed with McAfee ePO and McAfee ePO CloudInstallation overview

26 McAfee Endpoint Security 10.5.0 Installation Guide

Page 27: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Task Description McAfeeePO orMcAfeeePO Cloud

Notes

9 Deploy the client software with default or customsettings to managed systems in one of these ways:• Remotely to multiple managed systems with

deployment tasks — Preferred for McAfee ePO.

• Locally on managed systems with aninstallation URL — Preferred for McAfee ePOCloud.

Best practice: Restart the managed system afterinstalling this release of the product.

Both

10 Verify that the client software is installed and up todate on all managed systems.

Both

See also Create custom packages with Endpoint Security Package Designer on page 19Preconfiguring the product on page 18

Upgrade the McAfee Agent on McAfee ePO-managed systemsEndpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.0.4 is recommended). Onmanaged systems running an earlier version, you need to upgrade the McAfee Agent manually beforedeployment.

For McAfee ePO Cloud, no action is required to upgrade McAfee Agent. The new agent is installedautomatically on managed systems from the McAfee ePO Cloud installation URL sent to users.

On Windows systems, communication is blocked between McAfee ePO and the agent when runningMcAfee Host IPS 8.0 (Patch 4 or earlier) and McAfee Agent version 5.0 (or later). See KB82869 forinstructions to resolve this issue.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Download and deploy the package.

2 Log on to McAfee ePO as administrator.

3 Select Menu | Extensions, click Install Extension, and select the EPOAGENTMETA.zip file.

4 Select Menu | Master Repository, click Check In Package, and select the MA-WIN 5.0.2 .zip file or the latestrecommended version (5.0.4).

5 Deploy the new McAfee Agent using one of these methods:

• Create a deployment task to push the new package to the client systems: Select New | ProductDeployment, then click New Deployment.

• Create and distribute a new deployment URL.

Installation for systems managed with McAfee ePO and McAfee ePO CloudUpgrade the McAfee Agent on McAfee ePO-managed systems 3

McAfee Endpoint Security 10.5.0 Installation Guide 27

Page 28: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

When you check in the new McAfee Agent, which overwrites the previous version, anydeployment URL created with the previous version no longer works. You must create anddistribute a new URL with the new McAfee Agent.

1 Select Menu | System Tree, then select the subgroup that contains the systems to deploy to.

2 On the Agent Deployment tab, click Create Agent Deployment URL.

3 Enter the URL name, verify the agent version, then click OK.

4 Distribute the URL for new deployments.

For more information about deployment, see the McAfee ePO Help.

Install the product files on the management serverIn McAfee ePO environments only, install server-side components for Endpoint Security on the McAfeeePO server as the first step in the installation process.

Before you beginYour network security management platform must meet the requirements described inChapter 2, Pre-installation.

This task installs two types of product components on the management server:

• Product management extensions — Add Endpoint Security management features (such as queries,client tasks, and online Help) to the McAfee ePO server that enable you to manage the productfrom the console.

• Product deployment packages — Add product software files to the Master Repository. You can thendeploy them to managed systems.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 On the security management console, select Menu | Dashboards, then select Guided Configuration fromthe drop-down list.

2 On the Guided Configuration screen, click Begin.

3 Click Software Selection, then:

a Under the Software Not Checked In product category, click Licensed to display available products.

b In the Software table, select the product you want to check in. The product description and allavailable components are displayed in the table below.

c Click Check In All to check in product extensions to your McAfee ePO server, and product packagesto your Master Repository.

When installation is complete, the extensions are listed on the Extensions page and the packagesare listed in the Master Repository.

You can now deploy the product to managed systems.

3 Installation for systems managed with McAfee ePO and McAfee ePO CloudInstall the product files on the management server

28 McAfee Endpoint Security 10.5.0 Installation Guide

Page 29: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Download Endpoint Security content filesYou must manually update your McAfee ePO server with the latest AMCore and Exploit Preventioncontent files required for Endpoint Security.

Before you beginThe Endpoint Security packages are checked in to the Master Repository on your McAfeeePO server.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 In McAfee ePO, select Menu | Automation | Server Tasks to open the Server Task Catalog.

2 Edit the Update Master Repository server task.

3 Click the Actions tab.

4 For the Repository Pull action, ensure that the following are set:

• Source site: McAfeeHttp

• Package types: All packages

5 Click Save to save the task.

6 For the Update Master Repository server task, click Run.

The Master Repository now includes the AMCore Content Package and the Endpoint Security Exploit PreventionContent package required by Endpoint Security. See the Endpoint Security Common Help for moreinformation about content files.

Deploy to multiple systems with deployment tasksAutomated tasks simplify the processes for deploying the client software to managed systems. Thismethod deploys remotely from the security management console and does not require any userassistance.

Before you begin• The systems where you want to install the product must meet the requirements

described in Chapter 2, Pre-installation.

• In a McAfee ePO environment, you must have installed the product's server-sidecomponents on the McAfee ePO server.

• In a McAfee ePO Cloud environment, you must have administrative logon credentials fora McAfee ePO Cloud account. McAfee or your service provider sends these in an email.

Installation for systems managed with McAfee ePO and McAfee ePO CloudDownload Endpoint Security content files 3

McAfee Endpoint Security 10.5.0 Installation Guide 29

Page 30: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

TaskYou can use two types of automated tasks to deploy product software to multiple managed systems:product deployment tasks and client tasks. Product deployment tasks are simpler to set up, and thisguide explains the process. See the McAfee ePO or McAfee ePO Cloud product guide for moreinformation about configuring and running product deployment tasks and client tasks.

1 On the security management console, select Menu | Software | Product Deployment.

2 On the Product Deployment page, click New Deployment.

3 On the New Deployment page, configure these settings, then click Save at the top of the page.

Option Description

Name andDescription

Type a name and description for this deployment.

This name appears on the Deployment page after the deployment is saved.

Type From the list, select the type of deployment.• Fixed — Deploys only to the selected systems.

• Continuous — Deploys to systems based on System Tree groups or tags. Thisoption allows these systems to change over time as they are added or removedfrom the groups or tags.

If you want to automatically install product updates when they are available,select Auto Update. This option deploys the hotfixes and patches for your productautomatically.

Package From the list, select McAfee Endpoint Security.

Language andBranch

If needed, select the Language and Branch, if not using the defaults.

Command line In the text field, specify a command line with installation options for the moduleyou are installing. These options are supported:• /INSTALLDIR="install_path" • /nocontentupdate• /l"install_log_path" • /override"hips"• /l*v"install_log_path"

Select thesystems

Click Select Systems to open the System Selection dialog box and select the systemswhere you want to deploy the client software.If needed, configure the following:• Run at every policy enforcement (Windows only)

• Allow end users to postpone this deployment (Windows only)

• Maximum number of postponements allowed

• Option to postpone expires after

• Display this text

Select a start time Select a start time or schedule for your deployment:• Run Immediately — Starts the deployment task the next time the systems check for

updates from the management server.

• Once — Opens the scheduler so you can configure the start date, time, andrandomization.

3 Installation for systems managed with McAfee ePO and McAfee ePO CloudDeploy to multiple systems with deployment tasks

30 McAfee Endpoint Security 10.5.0 Installation Guide

Page 31: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

The Product Deployment page opens with your new project added to the list of deployments. Also, aclient task is automatically created with the deployment settings.

4 Check the status of the deployment on the Product Deployment page.

Click the deployment task in the list on the left side of the page to display its details on the rightside of the page.

See also SetupEP command-line options (McAfee ePO and McAfee ePO Cloud deployment tasks) onpage 46

Install on local systems with an installation URLTypically, McAfee ePO Cloud administrators create an installation URL that can be used to installEndpoint Security Client on managed systems.They can:

• Use this URL to install the client software locally on their own system.

• Send this URL to users with instructions for installing the client software on their local systems.

McAfee ePO also supports URL installation.

Tasks• Install the product with default settings on page 31

Create a default installation URL and use it to install the client software on systems in thedefault group.

• Install the product with custom settings on page 32Create a custom installation URL and use it to install the client software on your own localsystem or send it to end users to install the client software on their systems.

• Install with an installation URL on page 33Install the product on a local system with an installation URL.

Install the product with default settingsCreate a default installation URL and use it to install the client software on systems in the defaultgroup.

Before you begin• In a McAfee ePO environment, the product extensions must be installed on the McAfee

ePO server, and the product content must be available in the Master Repository.

• In a McAfee ePO Cloud environment, you must have administrative logon credentials fora McAfee ePO Cloud account. McAfee or your service provider sends these to you in anemail.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Open your browser and log on to McAfee ePO.

2 Select Menu | Dashboards, then select Getting Started with ePolicy Orchestrator from the drop-down list.

The product modules installed on managed systems are listed under My Products. The defaultinstallation URL appears underneath.

Installation for systems managed with McAfee ePO and McAfee ePO CloudInstall on local systems with an installation URL 3

McAfee Endpoint Security 10.5.0 Installation Guide 31

Page 32: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

3 Install the product locally or send the URL to users to install on their systems.

On thisplatform...

Perform these steps...

McAfee ePO 1 Click the URL displayed on the page.A file containing all the product client packages downloads to your system.

2 Click Install if a web-based installation wizard doesn't open automatically.

McAfee ePOCloud

1 Select an option.

• Install Protection on This Computer — Downloads a file containing all the productclient packages downloads to the local system and installs them. Click Installif a web-based installation wizard doesn't open automatically.

• Install Protection to Other Computers — Displays the installation URL.

2 Send the URL to users.

a Copy this URL to a text file, then click OK to close the dialog box.

b Send the URL in an email message with any special instructions for installingon local systems.

Install the product with custom settingsCreate a custom installation URL and use it to install the client software on your own local system orsend it to end users to install the client software on their systems.

Before you begin• In a McAfee ePO environment, the product extensions must be installed on the McAfee

ePO server, and the product content must be available in the Master Repository.

• In a McAfee ePO Cloud environment, you must have administrative logon credentials fora McAfee ePO Cloud account. McAfee or your service provider sends these to you in anemail.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Open your browser and log on to McAfee ePO.

2 Select Menu | Dashboards, then select Getting Started with ePolicy Orchestrator from the drop-down list.

The product modules installed on managed systems are listed under My Products.

3 Create a custom installation URL.

3 Installation for systems managed with McAfee ePO and McAfee ePO CloudInstall on local systems with an installation URL

32 McAfee Endpoint Security 10.5.0 Installation Guide

Page 33: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

On thisplatform...

Perform these steps...

McAfee ePO 1 Click Customize Installation.The Customize Software Installation page opens.

2 Configure these settings, then click Done:• Group Name — Select the default group name or enter a custom group name.

• Operating System — Select McAfee Agent for Windows.

• Software and Policies — Select McAfee Endpoint Security product modules to installand, if needed, click McAfee Default Policies and Tasks to select an alternativepreconfigured policy.

• Software is automatically updated to the latest version — Specify whether to download thelatest version of the software automatically whenever an update occurs.

A page displays installation options.

McAfee ePOCloud

1 Click Customize Installation.

2 Configure these settings, then click Done:• Group Name — Select the default group name or enter a custom group name.

• Operating System — Select McAfee Agent for Windows.

• Software and Policies — Select McAfee Endpoint Security product modules to installand, if needed, click McAfee Default Policies and Tasks to select an alternativepreconfigured policy.

• Software is automatically updated to the latest version — Specify whether to download thelatest version of the software automatically whenever an update occurs.

A page displays installation options.

4 Select an installation option.

• Install Protection on This Computer — Downloads a file containing all the product client packagesdownloads to the local system and installs them. Click Install if a web-based installation wizarddoesn't open automatically.

• Install Protection to Other Computers — Displays the installation URL.

5 Send the URL to users.

a Copy this URL to a text file, then click OK to close the dialog box.

b Send the URL in an email message with any special instructions for installing on local systems.

Install with an installation URLInstall the product on a local system with an installation URL.

Before you begin• The system where you install the product must meet the requirements described in

Chapter 2, Pre-installation.

• You must have an installation URL that you created or received from your administrator.

Installation for systems managed with McAfee ePO and McAfee ePO CloudInstall on local systems with an installation URL 3

McAfee Endpoint Security 10.5.0 Installation Guide 33

Page 34: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Open a web browser window and paste in the installation URL.

2 Follow the instructions on the screen to install. If the installation does not start automatically, clickInstall.• Click Run if prompted to run or save.

• Click Run if prompted to verify the installation.

A dialog box displays the progress of the installation and indicates when it is complete. If needed, youcan click Cancel to stop the installation.

The installation log, McAfeeSmartInstall_<date>_<time>.log, is saved in <LocalTempDir>\McAfeeLogs (for example, C:\Windows\Temp\McAfeeLogs).

Verify the installationAfter deployment, verify that the client software installed and updated correctly on managed systems.After a URL installation, verify that the list of systems matches the list of users you sent theinstallation URL to.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Wait for client systems to report back to the security management platform (typically after an houror two).

2 On the security management console, select Menu | Dashboards, then select Endpoint Security: InstallationStatus for a complete listing of the managed systems where the software was installed and theirstatus.

Uninstall from systems managed with McAfee ePO or McAfeeePO Cloud

You can remove product modules from managed systems remotely from the management console orlocally at the managed system. You might do this for testing or before reinstalling the client software.

Best practice: Reinstall the client software as soon as possible. When it is uninstalled, the system isnot protected against threats.

TaskFor details about product features, usage, and best practices, click ? or Help.

• Remove the client software using one of these methods.

3 Installation for systems managed with McAfee ePO and McAfee ePO CloudVerify the installation

34 McAfee Endpoint Security 10.5.0 Installation Guide

Page 35: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

To uninstall... Do this...

From multiplesystemsremotely

Run a product deployment task:

1 On the security management console, select Menu | Policy | Product Deployment.

2 Duplicate the task you used to install the product modules, then specify Removeas the Action.

3 After the task has completed, verify that the client software was uninstalledfrom the selected systems. Click Dashboards, then select Endpoint Security: InstallationStatus.

See the McAfee ePO or McAfee ePO Cloud product guide for more informationabout using product deployment tasks.

At the localmanagedsystem

Uninstall from the Windows Control Panel:

1 Open the Windows Control Panel, then go to the Uninstall Programs screen.

2 In the list of programs, select each product module, then click Uninstall.• McAfee Endpoint Security Adaptive Threat Protection — If Adaptive Threat Protection is

installed, you must uninstall it before uninstalling Threat Prevention.

• McAfee Endpoint Security Firewall 10.5

• McAfee Endpoint Security Threat Prevention 10.5

• McAfee Endpoint Security Web Control 10.5

• McAfee Endpoint Security Platform 10.5

Endpoint Security Platform (Common module) is uninstalled automatically withthe last product module.

3 If prompted, enter a password for each module.By default, no password is required.

Installation for systems managed with McAfee ePO and McAfee ePO CloudUninstall from systems managed with McAfee ePO or McAfee ePO Cloud 3

McAfee Endpoint Security 10.5.0 Installation Guide 35

Page 36: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

3 Installation for systems managed with McAfee ePO and McAfee ePO CloudUninstall from systems managed with McAfee ePO or McAfee ePO Cloud

36 McAfee Endpoint Security 10.5.0 Installation Guide

Page 37: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

4 Installation for self-managed systems

Use this information to install the product on systems that are not managed by a centralized networkmanagement tool.

Contents Installation overview for self-managed systems Upgrade the McAfee Agent on self-managed systems Install with the installation wizard Install from the command line Verify the installation Uninstall from a self-managed system

Installation overview for self-managed systemsLocal system users perform these high-level tasks to install or upgrade the product on self-managedsystems.

1 Make sure that the system meets the requirements described in Chapter 2, Pre-installation.

2 (Optional) If you are upgrading legacy products and plan to preserve your settings, review andrevise them as needed.

3 Upgrade the McAfee Agent, if needed.

Endpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.0.4 is recommended).Endpoint Security automatically upgrades version 4.0 and later of the agent to a supported versionduring product upgrades. You can also upgrade the agent manually.

4 Copy the product files to the self-managed system.

Depending on how you purchased the product, you might need to download product files from adownload site or copy them from a disc.

5 Launch the installation wizard to install or upgrade the product.

6 Verify that the client software is installed and up to date.

7 (Optional) If you upgraded from legacy products and preserved your settings, verify that thesettings were preserved.

Best practice: Restart the system after installing this release of the product.

See also Upgrading an existing version of the product on page 22

4

McAfee Endpoint Security 10.5.0 Installation Guide 37

Page 38: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Upgrade the McAfee Agent on self-managed systemsEndpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.0.4 is recommended). EndpointSecurity automatically upgrades version 4.0 and later of the agent to a supported version duringproduct upgrades. You can also upgrade the agent manually.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Download the McAfee Agent client package from the download site.

2 Unzip the McAfee Agent package and locate the FramePkg_Upd.exe file.

3 Right-click FramePkg_UPD.exe, then select Run as administrator.

Install with the installation wizardThe installation wizard automates much of the process for installing and upgrading the product onself-managed systems.

Before you beginThe systems where you install the product must meet the requirements described inChapter 2, Pre-installation.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Obtain your copy of the product software, then launch the installation wizard on the self-managedsystem.

For this productformat...

Perform these steps...

Download Download the Endpoint Security .zip file, unzip the contents of the file, thendouble-click setupEP.exe.

If you purchase the product online, McAfee or another provider sendsinstructions and a URL for downloading the product.

CD or DVD Insert the disc into a drive, open the contents, then double-clicksetupEP.exe.

If there is a product license number on the disc label or packaging, makesure that you have a copy for reference.

2 On the License Agreement page, click Accept.

3 Resolve any conflicts detected by the wizard.

The wizard attempts to uninstall conflicting virus-detection and firewall software productsautomatically. If it can't, it prompts you to uninstall them manually, then prompts you to reboot.

• If you reboot immediately, installation resumes after the system restarts.

• If you reboot later, run the installation wizard again at your earliest convenience.

See KB85522 for a list of the software products uninstalled automatically.

4 Installation for self-managed systemsUpgrade the McAfee Agent on self-managed systems

38 McAfee Endpoint Security 10.5.0 Installation Guide

Page 39: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

4 On the Install Options page, select the modules to install.

Install all product modules that you purchased with their default settings, or select options tocustomize your installation.

5 If you are upgrading VirusScan Enterprise 8.8, Host Intrusion Protection 8.0, or SiteAdvisorEnterprise 3.5, select whether to preserve your settings.

6 Click Install.

A dialog box shows the progress of the installation and notifies you when it is complete. You cancancel the installation at any time, if needed.

7 Click Finish to close the wizard.

See also Other virus-detection and firewall software on page 17

Install from the command lineYou can run the installation wizard from the command line, which lets you select additional options,such as silent installation. (By default, installation is interactive.)

Before you beginThe system where you install the product must meet the requirements described inChapter 2, Pre-installation.

• For silent installation, the wizard displays no feedback. All information is available in logs.

• For interactive command-line installation, the wizard displays a progress window and allows you tocancel the installation, if needed. All information is available in logs.

Task1 Copy the product files to the self-managed system.

Depending on how you purchased the product, you might need to download product files from adownload site or copy them from a disc.

2 Open a Command Prompt window, navigate to the folder where you copied the files, then type thiscommand and any applicable parameters, which are not case-sensitive:

setupEP.exe /parameters

Type setupEP.exe /help for a complete list of command-line options for the SetupEP utility.

Best practice: Restart the system after installing this release of the product.

See also SetupEP command-line options (self-managed) on page 47

Verify the installationAfter installation is complete, verify that the modules installed successfully and the system is up todate. If you migrated settings from legacy products, verify that your settings migrated correctly.

Installation for self-managed systemsInstall from the command line 4

McAfee Endpoint Security 10.5.0 Installation Guide 39

Page 40: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Open the Windows Control Panel and verify that the name of each module you selected to installappears and that version 10.5 is installed.

• McAfee Endpoint Security Firewall

• McAfee Endpoint Security Threat Prevention

• McAfee Endpoint Security Web Control

• McAfee Endpoint Security Platform

2 Open the installation log file and make sure that no errors or failure messages appear.

By default, the installation wizard installs the installation log files in the user Temp folder as %Temp%\McAfeeLogs (for example, C:\Users\username\AppData\Local\Temp\McAfeeLogs).

3 Open the Endpoint Security Client, then click Update Now to ensure that the system is up to date.

If your system is up to date, the page displays No Updates Available and the date and time of the lastupdate.

4 (Upgrade only) If you upgraded legacy products with preserved settings, check the client Settingspage for each product module to verify that legacy settings were migrated.

Uninstall from a self-managed systemYou can remove product modules on a self-managed system from the Windows Control Panel. Youmight do this for testing or before reinstalling the client software.

You can also uninstall the product modules from a command line.

Best practice: Reinstall the client software as soon as possible. When it is uninstalled, the system isnot protected against threats.

Task1 Open the Windows Control Panel, then go to the Uninstall Programs screen.

2 In the list of programs, select each product module, then click Uninstall.• McAfee Endpoint Security Adaptive Threat Protection — If Adaptive Threat Protection is installed, you must

uninstall it before uninstalling Threat Prevention.

• McAfee Endpoint Security Firewall

• McAfee Endpoint Security Threat Prevention

• McAfee Endpoint Security Web Control

• McAfee Endpoint Security Platform

Endpoint Security Platform (Common module) is uninstalled automatically with the last productmodule.

3 If prompted, enter a password for each module.

By default, no password is required.

4 Installation for self-managed systemsUninstall from a self-managed system

40 McAfee Endpoint Security 10.5.0 Installation Guide

Page 41: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

4 Wait for the wizard to report that it has uninstalled the support components. If you do not see anotification, check the Event Log to verify that the Endpoint Security Platform was removedsuccessfully.

5 If no other protection services are installed, select McAfee Agent in the Uninstall Programs screen of theWindows Control Panel, then click Uninstall.

See also SetupEP command-line options (self-managed) on page 47

Installation for self-managed systemsUninstall from a self-managed system 4

McAfee Endpoint Security 10.5.0 Installation Guide 41

Page 42: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

4 Installation for self-managed systemsUninstall from a self-managed system

42 McAfee Endpoint Security 10.5.0 Installation Guide

Page 43: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

5 Troubleshooting and reference

Use this information for basic product maintenance, troubleshooting, and reference.

Contents Troubleshooting installation problems Resolving error codes and messages Using command-line options Log files

Troubleshooting installation problemsFollow troubleshooting procedures to resolve problems related to installing and uninstalling theproduct, and capture the required system information.

Test malware detectionTest the virus‑detection feature of Threat Prevention by downloading the EICAR Standard AntiVirusTest File to the local system.Although it is designed to be detected as a virus, the EICAR test file is not a virus.

Task1 Download the EICAR file from this location:

http://www.eicar.org/download/eicar.com

If installed properly, Threat Prevention interrupts the download and displays a threat detectiondialog box.

2 Click OK.

If not installed properly, Threat Prevention does not detect the virus or interrupt the downloadprocess. In this case, use Windows Explorer to delete the EICAR test file from the client computer,then reinstall the product and test the new installation.

Using the MER tool for troubleshootingThe MER (Minimum Escalation Requirements) tool collects McAfee data from Endpoint Security andother McAfee products from your computer.

McAfee support uses this data to analyze and resolve your problem.

5

McAfee Endpoint Security 10.5.0 Installation Guide 43

Page 44: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

The information collected by the MER tool includes:

• Registry details • Event logs

• File version details • Process details

• Files

McAfee provides two versions of MER:

• WebMER runs on the client computer.

See How to use MER tools with supported McAfee products.

• MER tool for McAfee ePO uses McAfee ePO to run the MER tool on client computers.

See How to use the MER tool for McAfee ePO.

Resolving error codes and messagesError messages are displayed by programs when an unexpected condition occurs that can't be fixed bythe program itself. Use this list to find an error message, an explanation of the condition, and anyaction you can take to correct it.

Depending on how you launched the installation wizard, it displays a description of the error or anerror code.

Message Description Solution

Conflicting McAfeeproduct(s) found.

Error code: 16001The installation wizard detected one or moreconflicting McAfee products (such as DeepDefender) on the system that it can't removeautomatically.

Uninstall the conflictingproducts, then try installingagain.

Administrator rightsrequired.

Error code: 16002You must have administrator rights to run theinstallation wizard.

Log on as an administrator,then launch the installationwizard.

Invalid Package. Error code: 16006Invalid package found. Please verify that youhave a valid package.

Download a valid package file,then try installing the productagain.

Removal failed. Error code: 16007The installation wizard couldn't remove aprevious version of this product (such as abeta version) or a legacy product (such asVirusScan Enterprise or SiteAdvisorEnterprise) from the system.

Remove these productsmanually before installingEndpoint Security.Contact support if the issuepersists.

Installer failed tolaunch.

Error code: 16008The installation wizard was not able tolaunch.

Contact McAfee support.

Restart required Error code: 16015The installation wizard requires a systemrestart to continue the installation.

Restart the system to continuewith the installation.

Restart required Error code: 16016The installation wizard requires a systemrestart to complete the installation.

Restart the system to completethe installation.

5 Troubleshooting and referenceResolving error codes and messages

44 McAfee Endpoint Security 10.5.0 Installation Guide

Page 45: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Message Description Solution

Restart pending Error code: 16017A system restart from a previous installationor removal operation is pending.

Restart the system to continuewith the installation.

Incompatible softwareremoval failed.

Error code: 16018The installation wizard tried and failed toremove one or more incompatible softwareproducts it detected on the system.

Remove these productsmanually before installingEndpoint Security.

Installation canceled. Error code: 16020The user canceled the installation before itcompleted. The installation wizard made nochanges to the user's system.

Run the installation wizardagain.

Migration failed. Error code: 16025The installation wizard tried to migratesettings from a legacy product, but itencountered an error.

Run the installation wizardagain at a later time.

Installation failed. Error code: 16026The installation wizard was interrupted beforeit finished installing Endpoint Security. Itmade no changes to your system.

Run the installation wizardagain at a later time.

Your system is notprotected. Yourprevious securitysoftware wasuninstalled, but theinstaller was interruptedbefore McAfee EndpointSecurity was installed.Call McAfee support forassistance as soon aspossible.

Error code: 16029, 16030, 16031The installation wizard was interrupted beforeEndpoint Security was installed. Yourprevious software was uninstalled, but noother changes were made to your system.

To protect your system againstthreats, contact McAfee supportas soon as possible.

Your system is not fullyprotected. The installercould not install[product name]. CallMcAfee support forassistance.

Error code: 16032One or more Endpoint Security productmodules failed to install. Your previoussoftware was uninstalled.

To fully protect your systemagainst threats, call McAfeesupport as soon as possible.

Policy import failed. Error code: 16502The installation wizard installed EndpointSecurity successfully, but couldn't import thespecified policy.

Check that you selected theproper data to import. Contactsupport if the issue persists.

Policy import failed. Error code: 17001The installation wizard couldn't import thespecified policy.

Check that you selected theproper data to import. ContactMcAfee support if the issuepersists.

Installation failed andthen rollback failed.

Error code: 17002The installation wizard couldn't installEndpoint Security or roll back the changes itmade to the user's system.

Check the installation logs onthe system and contact McAfeesupport for assistance.

Troubleshooting and referenceResolving error codes and messages 5

McAfee Endpoint Security 10.5.0 Installation Guide 45

Page 46: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Message Description Solution

Installation canceledand then rollback failed.

Error code: 17003The installation was canceled before itcompleted. The installation wizard couldn'troll back the changes it made to the user'ssystem.

Check the installation logs onthe system and contact McAfeesupport for assistance.

Another installationwizard is alreadyrunning.

Error code: 1618Another installation is already in progress.

Complete that installationbefore proceeding with the newinstallation.

Installation failed. Error code: variousThe installation wizard couldn't installEndpoint Security. It made no changes to theuser's system.

See MsiExec.exe andInstMsi.exe Error Messages fordescriptions of specific errorcodes.If the issue persists, contactMcAfee support.

Using command-line optionsUse command-line options to customize product installation and uninstallation from the command line.

Supported options differ by product platform.

SetupEP command-line options (McAfee ePO and McAfee ePOCloud deployment tasks)Use these command-line options within a deployment task to install the product on systems managedwith McAfee ePO and McAfee ePO Cloud.

For each product module selected in a product deployment task, type supported options in thecorresponding Command line window. (Do not type the command, type only the options.)

Options are not case-sensitive.

Example

setupEP.exe INSTALLDIR="D:\Installed Programs" /l"D:\Installed Programs\Logs"

Installs the product files to a folder on drive D under Installed Programs and saves the installationlog files to a folder under Installed Programs\Logs.

5 Troubleshooting and referenceUsing command-line options

46 McAfee Endpoint Security 10.5.0 Installation Guide

Page 47: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Option Definition

INSTALLDIR="install_path" Specifies where to install the product files on the computer.

The installation wizard creates an Endpoint folder at the specifiedlocation and installs the product to this folder.

Example:INSTALLDIR="D:\Installed Programs"Installs the product modules under D:\Installed Programs\EndPoint\.

By default, product files are installed in the folder C:\windows\Temp\McAfeeLogs.

/log"install_log_path" or /l"install_log_path"/l*v"install_log_path"

• Specifies where to save the installation log files for trackinginstallation events.The installation wizard creates an Endpoint folder at thespecified location and saves the log files to this folder.

Example:/l"D:\Log Files"Installs the product log files under D:\Log Files\EndPoint\.

By default, log files are saved in the Windows System TEMPfolder C:\windows\Temp\McAfeeLogs.

• *v — Specifies verbose (more descriptive) logging entries.

/nocontentupdate Does not update product content files automatically as part of theinstallation process.Content files include the latest AMCore and Exploit Preventioncontent files required for Endpoint Security.

Best practice: Update content files to ensure that the system isfully protected. If you don't update them during installation,schedule an update as soon as possible.

/override"program_name" Overrides and uninstalls conflicting products as specified:• hips — McAfee Host Intrusion Prevention

Example:/override"hips"Uninstalls McAfee Host Intrusion Prevention automatically duringinstallation.

See also Download Endpoint Security content files on page 29Log files on page 51

SetupEP command-line options (self-managed)Use these options with the SetupEP utility to install the product from a command line.

Open a Command Prompt window, then run the SetupEP command using the appropriatecommand-line options.

Options are not case-sensitive.

Example

Troubleshooting and referenceUsing command-line options 5

McAfee Endpoint Security 10.5.0 Installation Guide 47

Page 48: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

setupEP.exe INSTALLDIR="D:\My Programs" /l"D:\My Log Files"

Installs the product files to a folder on drive D under My Programs and saves the installation log filesto a folder under My Log Files.

Basic options

setupEP.exe ADDLOCAL="fw,tp,wc" [INSTALLDIR="install_path"][/qb][/qb!][/l*v"install_log_path"]

All options

setupEP.exe ADDLOCAL="fw,tp,wc" [INSTALLDIR="install_path"][/qb][/qb!][/l"install_log_path"][/l*v"install_log_path"] [/import <file_name>] [/module <TP|FW|WC|ESP>] [/nopreservesettings] [/override"program_name"] [/policyname <name>] [/unlock<password>]

Option Definition

ADDLOCAL="fw,tp,wc" Selects the product modules to install:

• fw — Firewall

• tp — Threat Prevention

• wc — Web Control

• fw,tp,wc — Install all three modules.

Example:ADDLOCAL="tp,wc"Installs Threat Prevention and Web Control.

INSTALLDIR="install_path" Specifies where to install the product files on the computer.

The installation wizard creates an Endpoint folder at thespecified location and installs the product to this folder.

Example:INSTALLDIR="D:\Installed Programs"Installs the product modules under D:\Installed Programs\EndPoint\.

By default, product files are installed in the folder C:\windows\Temp\McAfeeLogs.

/log"install_log_path" or /l"install_log_path"/l*v"install_log_path"

• Specifies where to save the installation log files for trackinginstallation events.The installation wizard creates an Endpoint folder at thespecified location and saves the log files to this folder.

Example:/l"D:\Log Files"Installs the product log files under D:\Log Files\EndPoint\.

By default, log files are saved in the User TEMP folder C:\users\username\AppData\Local\Temp\McAfeeLogs.

• *v — Specifies verbose (more descriptive) logging entries.

5 Troubleshooting and referenceUsing command-line options

48 McAfee Endpoint Security 10.5.0 Installation Guide

Page 49: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Option Definition

/qn or /quiet/qb! or /passive/qb

Specifies how the users can interact with the installation wizard:

• qn — Hide all installation notifications (silent mode). Usershave no interaction.

• qb! — Show only a progress bar without a Cancel button. Userscannot cancel the installation while it is in progress (passivemode).

• qb — Show only a progress bar with a Cancel button. Users cancancel the installation while it is in progress, if needed.

/import <file_name> Imports policy settings from the specified file.

/module <TP|FW|WC|ESP> Applies imported policy settings to the specified productmodules.• TP — Threat Prevention

• FW — Firewall

• WC — Web Control

• ESP — Resources shared by product modules.

Example:/module TP FWImports settings to Threat Prevention and Firewall.

/nocontentupdate Do not update product content files automatically as part of theinstallation process.Content files include the latest AMCore and Exploit Preventioncontent files required for Endpoint Security.

Best practice: Update content files to ensure that the systemis fully protected. If you don't update them during installation,schedule an update as soon as possible.

/nopreservesettings Do not migrate your product settings to Endpoint Security.By default, settings are preserved.

/override"program_name" Overrides and uninstalls conflicting products as specified:• hips — McAfee Host Intrusion Prevention

Example:/override"hips"Uninstalls McAfee Host Intrusion Prevention automatically duringinstallation.

/policyname <name> Assigns the specified policy to systems where the product isinstalled.

/unlock <password> Sets the password for unlocking the client UI.

See also Download Endpoint Security content files on page 29Log files on page 51Create a custom policy to import on page 21

Troubleshooting and referenceUsing command-line options 5

McAfee Endpoint Security 10.5.0 Installation Guide 49

Page 50: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

ESConfigTool command-line optionsUse these options with the ESConfigTool utility to create a file of preconfigured policy settings thatyou can import during installation of Endpoint Security.

Open a Command Prompt window, then run the ESConfigTool command using the appropriatecommand-line options.

Options are not case-sensitive.

Example

ESConfigTool.exe /export C:\ENS\preconfigured.policy /module TP FW

Exports policy settings for Threat Prevention and Firewall to the file C:\ENS\preconfigured.policy.

Basic options

ESConfigTool.exe /export <file_name> [/module <TP|FW|WC|ESP> ] [/unlock <password> ][/plaintext ]

Option Definition

/export<file_path_and_name>

Saves policy settings to a file with the specified name and location.Example:/export C:\My Programs\Endpoint\preconfigured.policyExports settings to the file preconfigured.policy in the C:\MyPrograms\Endpoint folder.

Save this file to a folder that is not protected by McAfee. The foldercontaining ESConfigTool is protected, so the export location shouldbe a different, writable location.

/module <TP|FW|WC|ESP> Specifies which product module settings to export.• TP — Threat Prevention

• FW — Firewall

• WC — Web Control

• ESP — Resources shared by product modules.

Example:/module TP FW WC ESPExports settings for all product modules.

/unlock <password> Sets the password for unlocking the client UI.

/plaintext Specifies descriptive comments in human-readable format.

See also Create a custom policy to import on page 21

5 Troubleshooting and referenceUsing command-line options

50 McAfee Endpoint Security 10.5.0 Installation Guide

Page 51: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Log filesThe installation wizard tracks details about installation, uninstallation, and migration in log files thatyou can use to verify results and troubleshoot problems.

Default location of installation log files

By default, the installation wizard installs the installation log files in a TEMP folder. Use command-lineoptions to change the location for the log files.

Management platform Installation log file location

McAfee ePO Windows System TEMP folder(C:\Windows\TEMP\McAfeeLogs by default)McAfee ePO Cloud

Self-managed User TEMP folder — %Temp%\McAfeeLogs(C:\Users\username\AppData\Local\Temp\McAfeeLogs by default)

Types of log files

Check these log files for details about installation, uninstallation, and migration.

Log file name Type of information

McAfee_<module>_Install_XX.log Installation log for each product module.Example: McAfee_TP_Install_XX.log

McAfee_<Module>_Bootstrapper_XX.log Bootstrapper for each product module.

McAfee_Endpoint_BootStrapper_XX.log Bootstrapper for self-managed Master SETUPEP.

McAfee_<Module>_CustomAction_Install_XX.log MSI Custom Action for each product module.

McAfee_Endpoint_CompetitorUninstaller.log Removal of incompatible virus-protection andfirewall products.

McAfee_<Module>_UnInstall_XX.log Uninstallation log for each product module.

McAfee_<Module>_CustomAction_Uninstall_XX.log MSI Custom Action for each product module foruninstallation.

McAfee_Endpoint_Security_Migration_xxx.log Removal of legacy products.Example:McAfee_Endpoint_Security_Migration_McAfeeVirusScanEnterprise_8.8_06042015195245175.log

McAfee_<module>_Migration_Plugin.log Preserve and restore status of migrated legacysettings, per module.Example: McAfee_TP_Migration_Plugin.log

McAfee_ESP_Migration_Plugin.log Legacy settings migrated to the CommonOptions policy.

Troubleshooting and referenceLog files 5

McAfee Endpoint Security 10.5.0 Installation Guide 51

Page 52: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

5 Troubleshooting and referenceLog files

52 McAfee Endpoint Security 10.5.0 Installation Guide

Page 53: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

A Adaptive Threat Protection installation

Adaptive Threat Protection is an optional Endpoint Security module that analyzes content from yourenterprise and decides what to do based on file reputation, rules, and reputation thresholds.

You must manually install the components for Adaptive Threat Protection separately after EndpointSecurity installation is complete.

The Adaptive Threat Protection module is supported on Windows systems only.

Contents About Adaptive Threat Protection Install the product in managed environments Install the product on self-managed systems

About Adaptive Threat ProtectionAdaptive Threat Protection is an optional Endpoint Security module that analyzes content and decideswhat to do based on file reputation, rules, and reputation thresholds.

You can install Adaptive Threat Protection on Windows systems that are:

• Managed with McAfee ePO

• Self-managed

Adaptive Threat Protection isn't supported on systems managed by McAfee ePO Cloud.

Adaptive Threat Protection works with Endpoint Security Threat Prevention version 10.5. The ThreatPrevention and Common modules must be installed on the systems where Adaptive Threat Protectionis installed.

• McAfee ePO systems — If the product packages are checked in but not installed for these modules,they are installed automatically when you install Adaptive Threat Protection.

• Self-managed systems — If these modules are not installed, you can't install Adaptive ThreatProtection.

Content files for Adaptive Threat Protection contain rules to dynamically compute the reputation offiles and processes on the managed systems. They are updated every two months as part of theAMCore content package.

McAfee Endpoint Security 10.5.0 Installation Guide 53

Page 54: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Install the product in managed environmentsUse this information to install and use Endpoint Security Adaptive Threat Protection in networkenvironments managed with McAfee ePO.

Tasks

• Download and check in the components to McAfee ePO on page 57Check in the required Adaptive Threat Protection components to the McAfee ePO server. Ifyou plan to install the TIE server, you also need to download and check in the DataExchange Layer.

• Deploy Adaptive Threat Protection on page 58Deploy the Adaptive Threat Protection client package to managed systems. If you plan toinstall the TIE server, you also need to deploy the DXL Client.

• Verify the deployment on page 58After installing the Adaptive Threat Protection components, verify the deployment tomanaged systems. If you plan to install the TIE server, also verify deployment for the DataExchange Layer.

• Uninstall Adaptive Threat Protection on page 59Remove the product software from managed systems remotely from the managementconsole or locally at the managed system.

Using Adaptive Threat Protection on managed systemsYou can use McAfee ePO to configure, manage, deploy, and enforce Adaptive Threat Protectionpolicies. Once configured, you can then use queries and dashboards to monitor your environment forthreats.

Optional components

Adaptive Threat Protection can integrate with these optional components:

• TIE server — A server that stores information about file and certificate reputations, then passesthat information to other systems.

TIE server is optional. For information about the server, see the Threat Intelligence ExchangeProduct Guide.

• Data Exchange Layer — Clients and brokers that enable bidirectional communication between theAdaptive Threat Protection module on the managed system and the TIE server.

Data Exchange Layer is optional, but it is required for communication with TIE server. See McAfeeData Exchange Layer Product Guide for details.

These components are installed as McAfee ePO extensions and add several new features and reports.

How Adaptive Threat Protection works

Adaptive Threat Protection functions differently, depending on whether TIE server is deployed:

• If TIE server isn't available and the system is connected to the Internet, Adaptive Threat Protectionuses McAfee GTI for reputation decisions.

• If TIE server isn't available and the system isn't connected to the Internet, Adaptive ThreatProtection determines the file reputation using information about the local system.

• If TIE server is available, Adaptive Threat Protection uses the Data Exchange Layer framework toshare file and threat information instantly across the whole enterprise.

See the Endpoint Security Adaptive Threat Protection Help for more information.

A Adaptive Threat Protection installationInstall the product in managed environments

54 McAfee Endpoint Security 10.5.0 Installation Guide

Page 55: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

System requirements for Adaptive Threat ProtectionAdaptive Threat Protection is supported in McAfee ePO environments that meet the requirementsdescribed in Chapter 2. Make sure that your system environment meets these additional requirementsand that you have administrator rights.

Products Components Version Notes

VMware vSphere 5.1.0 withVMWare vSphereESXi 5.1 or later

Optional. Required if deploying theTIE server.

See the McAfee Threat IntelligenceExchange Server Product Guide.

Threat IntelligenceExchange

Threat IntelligenceExchange (TIE)server

1.2 Optional. See the McAfee ThreatIntelligence Exchange Server ProductGuide.

McAfee ePO server(on-premise only)

5.1.1, 5.3

McAfee ePO productpackages (checkedin to the MasterRepository)

McAfee Agent forWindows

5.0.2.333 or later(5.0.4recommended)

Automatically checked in when youcheck in Endpoint Security to McAfeeePO.

Data ExchangeLayer Clientpackage

2.0.0 Optional. Required if deploying theTIE server.

Endpoint SecurityPlatform

10.5 Automatically checked in when youcheck in Endpoint Security to McAfeeePO.

Endpoint SecurityThreat Prevention

10.5 Automatically checked in when youcheck in Endpoint Security to McAfeeePO.

Endpoint SecurityAdaptive ThreatProtection

10.5 Separate package.

Best practice: To use all thenewest features, install the 10.5version of Adaptive ThreatProtection with the 10.5 versionof Endpoint Security.

McAfee ePO productextensions (installedin Extensions)

McAfee Agentextension

5.0.2.333 or later(5.0.4recommended)

Automatically checked in when youcheck in the Endpoint Securityproduct to McAfee ePO.

Endpoint SecurityPlatform

10.5 Automatically checked in when youcheck in the Endpoint Securityproduct to McAfee ePO.

Endpoint SecurityThreat Preventionextension

10.5 Automatically checked in when youcheck in the Endpoint Securityproduct to McAfee ePO.

Endpoint SecurityAdaptive ThreatProtectionextension

10.5 Required. Separate package.

Threat IntelligenceExchange Serverextension

1.1 Optional. Required if deploying theTIE server.

Adaptive Threat Protection installationInstall the product in managed environments A

McAfee Endpoint Security 10.5.0 Installation Guide 55

Page 56: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Products Components Version Notes

Products deployedto your managedsystems

McAfee Agent 5.0.2.333 or later(5.0.4recommended)

For more information about thiscomponent, see the McAfee AgentProduct Guide.

Data ExchangeLayer Clientpackage

2.0.0 Optional. Required if deploying theTIE server.

Can be deployed as part of theEndpoint Security deployment.

Endpoint SecurityPlatform

10.5 Can be deployed as part of theEndpoint Security deployment.

If you have checked in this productpackage to the Master Repositorybut not deployed it, it is deployedalong with Adaptive ThreatProtection.

Endpoint SecurityThreat Prevention

10.5 Can be deployed as part of theEndpoint Security deployment.

If you have checked in this productpackage to the Master Repositorybut not deployed it, it is deployedalong with Adaptive ThreatProtection.

Endpoint SecurityAdaptive ThreatProtection

10.2 or 10.5 Endpoint Security version 10.5supports Endpoint Security ThreatIntelligence version 10.2 or EndpointSecurity Adaptive Threat Protectionversion 10.5.

Best practice: To use all thenewest features, install the 10.5version of Adaptive ThreatProtection with the 10.5 versionof Endpoint Security.

Overview of Adaptive Threat Protection installation processComplete these tasks to install and use Adaptive Threat Protection in managed network environments.

Tasks related to the TIE server are required only when the TIE server is installed.

1 Install the Endpoint Security product files on McAfee ePO.

• At a minimum, install the Endpoint Security Threat Prevention and Endpoint Security Platformextensions. These are installed as part of the Endpoint Security bundle.

• Check in the Endpoint Security Client product deployment package to the Master Repository.

2 Download and check in the product components to McAfee ePO.

3 (Required for TIE server only.) Install the Data Exchange Layer product files on McAfee ePO.

• Install the Data Exchange Layer extension.

• Check in the Data Exchange Layer product deployment package to the Master Repository.

A Adaptive Threat Protection installationInstall the product in managed environments

56 McAfee Endpoint Security 10.5.0 Installation Guide

Page 57: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

4 Install the Adaptive Threat Protection product files on McAfee ePO.

• Install the Adaptive Threat Protection extension.

• Check in the Adaptive Threat Protection product deployment package to the Master Repository.

5 Deploy the correct version of McAfee Agent to managed systems.

6 (Required for TIE server only.) Deploy the Data Exchange Layer package to managed systems.

7 Deploy Endpoint Security (at least Threat Prevention and Endpoint Security Platform) and AdaptiveThreat Protection to managed systems.

You can use a single deployment task for steps 6 and 7.

8 Verify the deployment.

9 (Required for TIE server only.) Install and configure the Threat Intelligence Exchange (TIE) server.See the McAfee Threat Intelligence Exchange Product Guide.

See also Install the product files on the management server on page 28Deploy to multiple systems with deployment tasks on page 29

Download and check in the components to McAfee ePOCheck in the required Adaptive Threat Protection components to the McAfee ePO server. If you plan toinstall the TIE server, you also need to download and check in the Data Exchange Layer.

Before you beginThe Endpoint Security product files (at least the Threat Prevention and Endpoint SecurityPlatform packages) are installed on the McAfee ePO server, and the Endpoint SecurityClient product deployment package is added to the Master Repository.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 In McAfee ePO, select Menu | Software | Software Manager.

2 (Required only for TIE server) Check in the McAfee Data Exchange Layer package:

a From Management Solutions, select McAfee Data Exchange Layer 2.0.

b Check in the DXL Bundle package.

3 Check in the Adaptive Threat Protection package:

a From Endpoint Security, select McAfee Endpoint Security 10.5.

b Check in the Endpoint Security Adaptive Threat Protection package.

See also Install the product files on the management server on page 28

Adaptive Threat Protection installationInstall the product in managed environments A

McAfee Endpoint Security 10.5.0 Installation Guide 57

Page 58: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Deploy Adaptive Threat ProtectionDeploy the Adaptive Threat Protection client package to managed systems. If you plan to install theTIE server, you also need to deploy the DXL Client.

Before you beginMcAfee Endpoint Security, including the Endpoint Security Platform and Threat Preventionmodules, is deployed to the managed system. If you have checked in the client packagesfor these modules to the McAfee ePO server, but have not deployed them, the installationwizard deploys them with Adaptive Threat Protection. The systems where you install theproduct must meet the requirements.

If Endpoint Security Threat Intelligence version 10.2 is installed, it is removed automatically duringthis installation process.

See the McAfee ePO Help for details about deploying software.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 In McAfee ePO, select Menu | Software | Product Deployment, then click New Deployment.

2 Complete the new deployment information, being sure to deploy the packages in this order:

1 Data Exchange Layer Client — Required only if you plan to install the TIE server.

2 Endpoint Security Adaptive Threat Protection

3 Start the deployment.

See also System requirements for Adaptive Threat Protection on page 55System requirements for Endpoint Security on page 15Deploy to multiple systems with deployment tasks on page 29

Verify the deploymentAfter installing the Adaptive Threat Protection components, verify the deployment to managedsystems. If you plan to install the TIE server, also verify deployment for the Data Exchange Layer.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 In the System Tree, click the group or system name, then click the Products tab.

2 Verify that the following components are listed:

• McAfee Endpoint Security Platform

• McAfee Endpoint Security Threat Prevention

• McAfee DXL Client — Required only if you plan to install the TIE server.

• McAfee Endpoint Security Adaptive Threat Protection

A Adaptive Threat Protection installationInstall the product in managed environments

58 McAfee Endpoint Security 10.5.0 Installation Guide

Page 59: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

What to do after installationWhen you have finished installing Adaptive Threat Protection, you need to set up the product.

See the Endpoint Security Adaptive Threat Protection Help for information about:

• Using Adaptive Threat Protection to detect and respond to threats in your environment

• Accessing Adaptive Threat Protection reports in McAfee ePO

For additional threat intelligence sources and functionality, you can also deploy the Threat IntelligenceExchange server. See the McAfee Threat Intelligence Exchange Product Guide for information aboutinstalling and configuring the optional server.

Uninstall Adaptive Threat ProtectionRemove the product software from managed systems remotely from the management console orlocally at the managed system.

You can continue to use Endpoint Security after uninstalling Adaptive Threat Protection. To uninstallEndpoint Security product modules, complete this task, then follow the instructions for uninstallingEndpoint Security.

TaskFor details about product features, usage, and best practices, click ? or Help.

• Remove the client software using one of these methods.

To uninstall... Do this...

From multiplesystemsremotely

1 On the security management console, select Menu | Policy | Product Deployment.

2 Duplicate the deployment task you used to install Adaptive Threat Protection,then specify Remove as the Action.If you also selected Threat Prevention and Endpoint Security Platform(Common) in the original deployment task, they will be uninstalled.

3 Verify that the client software was uninstalled from the selected systems.Click Dashboards, then select Endpoint Security: Installation Status.

See the McAfee ePO product guide for more information about using productdeployment tasks.

From the localmanaged system

1 Open the Windows Control Panel, then go to the Uninstall Programs screen.

2 In the list of programs, select McAfee Endpoint Security Adaptive Threat Protection, thenclick Uninstall.

3 If prompted, enter a password.By default, no password is required.

You must uninstall Adaptive Threat Protection before uninstalling ThreatPrevention.

See also Uninstall from systems managed with McAfee ePO or McAfee ePO Cloud on page 34

Adaptive Threat Protection installationInstall the product in managed environments A

McAfee Endpoint Security 10.5.0 Installation Guide 59

Page 60: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Install the product on self-managed systemsUse this information to install and use Endpoint Security Adaptive Threat Protection on self-managedsystems.

Tasks• Install Adaptive Threat Protection on the system on page 61

Install the product software on a self-managed system after installing version 10.5 ofMcAfee Endpoint Security.

• Verify the installation on self-managed systems on page 61After installing Adaptive Threat Protection, verify the installation.

• Uninstall Adaptive Threat Protection on self-managed systems on page 62Remove the product software on a self-managed system from the Windows Control Panel.

Using Adaptive Threat Protection on self-managed systemsOn self-managed systems, the Endpoint Security Adaptive Threat Protection module allows you tocreate rules for blocking and allowing a file or certificate based on its reputation, containing files withDynamic Application Containment, and using Real Protect.

Adaptive Threat Protection protects systems even when they're not connected to the internet.

• If the system is connected to the Internet, Adaptive Threat Protection uses McAfee GTI forreputation decisions.

• If the system isn't connected to the Internet, Adaptive Threat Protection determines the filereputation using information on the local system.

See the Endpoint Security Adaptive Threat Protection Help for more information.

System requirements for Adaptive Threat Protection on self-managed systemsAdaptive Threat Protection is supported on self-managed systems that meet the requirementsdescribed in Chapter 2. Make sure that your system also meets these additional requirements and thatyou have administrator rights.

Components Version Notes

McAfee Agent 5.0.2.333 or later(5.0.4 recommended)

The install wizard automatically upgrades version4.0 and later of the agent to a supported versionduring Endpoint Security upgrades. You can alsoupgrade the agent manually.

Endpoint SecurityPlatform

10.5 Can be installed as part of the Endpoint Securitybundle.

Endpoint Security ThreatPrevention

10.5 Can be installed as part of the Endpoint Securitybundle.

Endpoint SecurityAdaptive ThreatProtection

10.5

A Adaptive Threat Protection installationInstall the product on self-managed systems

60 McAfee Endpoint Security 10.5.0 Installation Guide

Page 61: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Overview of Adaptive Threat Protection installation processComplete these tasks to install and use Adaptive Threat Protection on self-managed systems.

1 Install the correct version of McAfee Agent.

2 Install Endpoint Security components (at least Threat Prevention and Endpoint Security Platform).

3 Install Adaptive Threat Protection.

4 Verify the deployment.

5 Set up and verify that the features are working correctly.

Install Adaptive Threat Protection on the systemInstall the product software on a self-managed system after installing version 10.5 of McAfee EndpointSecurity.

Before you beginMcAfee Endpoint Security version 10.5, including the Endpoint Security Platform and ThreatPrevention modules, is installed on the system. The systems where you install the productmust meet the requirements.

If Endpoint Security Threat Intelligence version 10.2 is installed, it is removed automatically duringthis installation process.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Download the Adaptive Threat Protection .zip file to the self-managed system.

If you purchase the product online, McAfee or another provider sends instructions and a URL fordownloading the product.

2 Unzip the contents of the file, then double-click setupatp.exe.

See also System requirements for Adaptive Threat Protection on self-managed systems on page 60

Verify the installation on self-managed systemsAfter installing Adaptive Threat Protection, verify the installation.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Open the Windows Control Panel, then go to the Uninstall Programs screen.

2 In the list of programs, verify that these products appear.

• McAfee Endpoint Security Platform

• McAfee Endpoint Security Threat Prevention

• McAfee Endpoint Security Adaptive Threat Protection

Adaptive Threat Protection installationInstall the product on self-managed systems A

McAfee Endpoint Security 10.5.0 Installation Guide 61

Page 62: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

What to do after installationWhen you have finished installing Adaptive Threat Protection on the self-managed system, make surethat it is working as expected.

1 If proxies are configured in your environment, update the McAfee GTI proxy settings in theCommon module.

2 Check the About box to confirm that Adaptive Threat Protection reports McAfee GTI connectivity.Without McAfee GTI connectivity, detections might be reduced.

3 Select the appropriate rule group based on your needs. See the Endpoint Security Adaptive ThreatProtection Help for more information.

4 Configure Dynamic Application Containment. Configure exclusions, specify the trigger threshold,and set rules to block. See the Endpoint Security Adaptive Threat Protection Help for moreinformation.

Best practice: By default, Dynamic Application Containment rules are set to report only. Forinformation about Dynamic Application Containment rules, including best practices for when to set arule to report or block, see KB87843.

Uninstall Adaptive Threat Protection on self-managed systemsRemove the product software on a self-managed system from the Windows Control Panel.

You can continue to use Endpoint Security after uninstalling Adaptive Threat Protection. To uninstallEndpoint Security product modules, complete this task, then follow the instructions for uninstallingEndpoint Security.

TaskFor details about product features, usage, and best practices, click ? or Help.

1 Open the Windows Control Panel, then go to the Uninstall Programs screen.

2 In the list of programs, select McAfee Endpoint Security Adaptive Threat Protection, then click Uninstall.

3 If prompted, enter a password.

By default, no password is required.

4 Wait for the wizard to report that it has uninstalled the product. If you do not see a notification,check the Event Log to verify that the product was removed successfully.

See also Uninstall from a self-managed system on page 40

A Adaptive Threat Protection installationInstall the product on self-managed systems

62 McAfee Endpoint Security 10.5.0 Installation Guide

Page 63: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

Index

Aabout this guide 5Adaptive Threat Protection

about 7and Data Exchange Layer Client 54

and Threat Prevention 53

content files 53

description 53

documentation 59

Adaptive Threat Protection, McAfee ePO systemsafter the installation 59

checking in components 57

content files, updates 29

deploying 58

how product works 54

installation overview 56

optional components 54

system requirements 55

uninstalling 59

verifying the deployment 58

Adaptive Threat Protection, self-managed systemsafter the installation 62

best practices 62

how product works 60

installation overview 61

installing 61

system requirements 60

uninstalling 62

verifying the installation 61

AMCore content files, updates 29

Bbest practices

Adaptive Threat Protection, observe mode 62

before installing and upgrading 18

customizing product settings 18

preparing to migrate legacy policies 22

rebooting after installation 25, 37

reinstalling client software 34, 40

running McAfee GetClean tool 18

testing custom packages 19

updating content files during installation 46, 47

version to install, Adaptive Threat Protection 55, 60

browser requirements 15

Cclient software

how it works 9installing, McAfee ePO Cloud systems 33

installing, McAfee ePO systems 29, 33

installing, self-managed systems 38, 39

Linux 14

Macintosh 14

requirements 15

testing threat prevention 43

uninstalling 34, 40

command-line installationESConfigTool utility, command-line options 50

McAfee ePO Cloud systems 29

McAfee ePO systems 29

self-managed systems 39

SetupEP utility, command-line options 46, 47

Common module, Endpoint Security Client 7compatibility

Deep Defender 17

firewalls 17

Host Intrusion Prevention 17, 27

McAfee Agent 22, 27

previous product versions 22

conflicting software 17

content files 53

content files, updates 29

conventions and icons used in this guide 5custom product packages, See preconfiguration of product

features

DData Exchange Layer

deploying 58

verifying the deployment 58

Data Exchange Layer Clientand Threat Prevention 54

installation overview 56

Deep Defender, compatibility 17

deploymentAdaptive Threat Protection 58

Data Exchange Layer client 58

McAfee Endpoint Security 10.5.0 Installation Guide 63

Page 64: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

deployment (continued)McAfee ePO Cloud systems, product deployment task 29

McAfee ePO Cloud systems, URL 31–33

McAfee ePO systems, product deployment task 29

McAfee ePO systems, URL 31–33

documentationAdaptive Threat Protection 59

audience for this guide 5product-specific, finding 6Threat Intelligence 62

typographical conventions and icons 5Dynamic Application Containment 60, 62

EEICAR test virus 43

Endpoint Security for Linux, system requirements 15

Endpoint Security for Mac, system requirements 15

Endpoint Security Package Designerbest practices 18

creating custom packages 19

installing custom packages 20

Endpoint Security Platform, uninstalling 34, 40

error codes and messages 44

ESConfigTool utilitycommand-line options 50

exporting custom policy for installation 21

Exploit Prevention content files, updates 29

FFirewall

about 7firewalls, compatibility 17

GGetClean tool 18

HHost Intrusion Prevention

compatibility 17

McAfee Agent and 27

Iimport, custom policy during installation 21

installationbrowser requirements 15

checklist 23

conflicting software 17

creating custom policy to import 21

creating preconfigured custom packages 19

error codes and messages 44

log files, Endpoint Security 51

preconfigured custom packages 20

preconfiguring the product 18

installation (continued)requirements 15

security management platform requirements 15

Threat Intelligence Exchange server, overview 56

upgrading the product 22

installation, Adaptive Threat Protectionafter the installation, McAfee ePO systems 59

after the installation, self-managed systems 62

checking in components, McAfee ePO systems 57

deploying to McAfee ePO systems 58

installing on self-managed systems 61

overview, McAfee ePO systems 56

overview, self-managed systems 61

requirements, McAfee ePO systems 55

requirements, self-managed systems 60

verifying the deployment, McAfee ePO systems 58

verifying the installation, self-managed systems 61

installation, McAfee ePO Cloud systemscommand-line options 46

creating installation URL 31, 32

installing with URL 33

overview 25

product deployment task 29

sending installation URL 31, 32

verification 34

installation, McAfee ePO systemscommand-line options 46

creating installation URL 31, 32

installing on security management server 28

installing with URL 33

overview 25

product deployment task 29

sending installation URL 31, 32

verification 34

installation, self-managed systemscommand-line options 47

installing with command line 39

overview 37

verification 39

wizard 38

Llegacy products

compatibility 22

migrating settings, overview 8, 22

upgrades, self-managed systems 38

upgrading, overview 8, 22

license information, McAfee ePO Cloud systems 25

Linux supportclient software 14

requirements 15

log filesEndpoint Security, installation 51

Index

64 McAfee Endpoint Security 10.5.0 Installation Guide

Page 65: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

MMacintosh support

client software 14

requirements 15

management platforms, See security management platforms management server, See security management server McAfee Agent

Host Intrusion Prevention, compatibility 27

installation requirements, Adaptive Threat Protection 55, 60

installation requirements, all platforms 15

upgrading, McAfee ePO Cloud systems 27

upgrading, McAfee ePO systems 27

upgrading, self-managed systems 38

McAfee ePO Cloud systemscommand-line options 46

creating installation URL 31, 32

creating product deployment task 29

installation overview 25

installing with command line 29

installing with URL 33

license information 25

security management platform overview 13

sending installation URL 31, 32

uninstalling the product 34

upgrading McAfee Agent 27

verifying installation 34

McAfee ePO systemsAdaptive Threat Protection and 53

command-line options 46

creating installation URL 31, 32

creating product deployment task 29

installation overview 25

installing on security management server 28

installing with command line 29

installing with URL 33

preconfigured settings 19, 20

security management platform overview 11

sending installation URL 31, 32

updating content files 29

upgrading McAfee Agent 27

verifying installation 34

McAfee ePO systems, uninstallation 34

McAfee GTI 18, 54, 60, 62

McAfee ServicePortal, accessing 6MER tool, troubleshooting 43

migrationcompatible legacy products 22

custom policies and 20

log files 51

self-managed systems, See upgradesmodules

about Endpoint Security 7

Nnon-Microsoft browsers 15

Ooperating systems, supported

Adaptive Threat Protection 55, 60

Endpoint Security 15

Ppolicies

migrating, best practice 22

migrating, overview 8, 22

migrating, precedence 20

preconfiguring 18–21

preconfiguration of product featuresbest practices 18

creating custom packages 19

creating custom policy to import 21

installing custom packages 20

migration and 20

overview 18

preserved settings, self-managed systems 37–39

product deployment taskMcAfee ePO Cloud systems 29

McAfee ePO systems 29

RReal Protect 60, 62

remove, See uninstallation requirements

Adaptive Threat Protection, McAfee ePO systems 55

Adaptive Threat Protection, self-managed systems 60

browser 15

Linux systems 15

Macintosh systems 15

McAfee Agent 15

security management platforms 15

Windows systems 15

Ssecurity level, browser 15

security management platformsMcAfee ePO Cloud, overview 13

McAfee ePO, overview 11

options 11

overview 10

requirements 15

self-managed systemsAdaptive Threat Protection and 60

command-line options 47, 50

installation, command line 39

installation, overview 37

installation, wizard 38

Index

McAfee Endpoint Security 10.5.0 Installation Guide 65

Page 66: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

self-managed systems (continued)preconfigured settings 18, 21

preserved settings 37

uninstalling the product 40

upgrades, overview 37

upgrading McAfee Agent 38

upgrading product 38

verifying installation 39

verifying preserved settings 39

serversserver-side installation, McAfee ePO 28

supported operating systems, Endpoint Security 15

ServicePortal, finding product documentation 6Setup utility, See SetupEP utility or SetupATP utility SetupATP utility 61

SetupEP utilitycommand-line options 46, 47

using, McAfee ePO Cloud systems 29

using, McAfee ePO systems 29

using, self-managed systems 39

silent installationMcAfee ePO Cloud systems 29

McAfee ePO systems 29

self-managed systems 39

SetupEP utility, command-line options 46, 47

standalone systems, See self-managed systems system requirements, See requirements

Ttechnical support, finding product information 6Threat Intelligence

documentation 62

Threat Intelligence Exchange server 54–56

Threat Preventionabout 7and Adaptive Threat Protection 53

threat prevention, test 43

TIE server, See Threat Intelligence Exchange server tools

ESConfigTool 21

MER and WebMER 43

troubleshootingerror codes and messages, Endpoint Security 44

using the MER tools 43

viewing log files, Endpoint Security 51

Uuninstallation

conflicting software 17

uninstallation (continued)Endpoint Security Platform 34, 40

log files, Endpoint Security 51

McAfee ePO Cloud systems 34

McAfee ePO systems 34

self-managed systems 40

uninstallation, Adaptive Threat ProtectionMcAfee ePO systems 59

self-managed systems 62

unmanaged systems, See self-managed systems updates, content files 29

upgradesEndpoint Security, overview 8, 22

legacy products, overview 8, 22

McAfee Agent, McAfee ePO Cloud systems 27

McAfee Agent, McAfee ePO systems 27

McAfee Agent, self-managed systems 38

overview, McAfee ePO Cloud systems 25

overview, McAfee ePO systems 25

overview, self-managed systems 37

verifying, McAfee ePO Cloud systems 34

verifying, McAfee ePO systems 34

verifying, self-managed systems 39

wizard, self-managed systems 38

URL installationMcAfee ePO Cloud systems 31–33

McAfee ePO systems 31–33

utilitiesESConfigTool 21, 50

SetupATP 61

SetupEP 46, 47

Vverification, installation

Adaptive Threat Protection, McAfee ePO systems 58

Adaptive Threat Protection, self-managed systems 61

McAfee ePO Cloud systems 34

McAfee ePO systems 34

self-managed systems 39

virus protection, test 43

WWeb Control

about 7WebMER tool, troubleshooting 43

Windows firewall 17

Windows support, requirements 15

Index

66 McAfee Endpoint Security 10.5.0 Installation Guide

Page 67: Endpoint Security 10.5.0 Installation Guide - McAfee · PDF fileInstallation Guide McAfee Endpoint Security 10.5.0 For use with McAfee ePolicy Orchestrator

0-00