Deploying software for

managed systems

McAfee ePolicy Orchestrator 5.10 Administration

Presented by: Doug Keller

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 283

© 2019 McAfee LLC M01 - 283 McAfee LLC Confidential

 Module goals
What you will learn

By the end of this module you should be able to:

 Identify different methods used to acquire required software
components
 Explain how the Software Catalog works
 Install extensions and software components manually
 Check in required software components manually
 Distinguish between a Product Deployment project and client task

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 284

McAfee® ePolicy Orchestrator® (McAfee® ePO™) simplifies the process of deploying products to the managed
systems in your network by providing a user interface to configure and schedule deployments.
What You Will Learn
In this module, you will learn how to deploy software manually and automatically.
Module Goals
The module goals are:
 Identify different methods used to acquire required software components.
 Explain how the Software Catalog works.
 Install extensions and software components manually.
 Check in required software components manually.
 Distinguish between a Product Deployment project and client task.
 Create a Product Deployment project.
 Create a custom installation URL.

© 2019 McAfee LLC M01 - 284 McAfee LLC Confidential

 Acquiring software components

McAfee.com > For Business > Support Menu > Software > Software Catalog
& Training > Manage Your Products >
Product Downloads

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 285

Your first step is to acquire the required software components. One way is from the McAfee Product Download Site
(Business Home > For Business > Support & Training > Manage Your Products > Product Downloads or
https://www.mcafee.com/enterprise/en-us/downloads/my-products.html).
As discussed earlier in this course, valid credentials are required.
A grant number is required for many products, such as:
 Endpoint Security (ENS)
 Host Intrusion Prevention System (HIPS)
 McAfee Vulnerability Manager (MVM)

Some products, such as Stonesoft and Next Generation Firewall (NGFW), require different types of credentials for
download permissions. For more information, contact McAfee Customer Service.
Another download method is ePO Software Catalog.

© 2019 McAfee LLC M01 - 285 McAfee LLC Confidential

 Software Catalog

Software Catalog:
 Eliminates need to access
McAfee Product Download site
 Informs you about availability of
new and updated software
 Lets you check in, update, and remove
many managed product components from
ePO server

Your ePO server must have internet access as it connects to the McAfee download server to verify which products are available.
You must download and manually install some components, such as extensions, signature data files (DATs), scan engines, or
products made up of MSI installers.

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 286

The Software Catalog

 Informs you of the availability of new and updated licensed McAfee software products that your
organization uses, as well as trial (evaluation) versions
 Lets you check in, update, and remove many managed product components from the ePO server

Software availability and whether it is in the Licensed or Evaluation category depends on your license key. Some
components, such as Help extensions or those made up of MSI installers, cannot be installed using this action. You
must download and manually install these types of components.
Your server must have internet access because it connects to the McAfee download server to verify which products
are available.

Product Categories
Software components are organized into these categories:
 Updates Available: Lists licensed software, already checked in to this server or its repository, for which an
update is available.
 Evaluation software: Software for which your organization does not currently possess a license. You can
install evaluation software on your server, but functionality might be restricted until you acquire a product
license.
 Software (by Label): Many products are available in bundles, based on the specific solutions they provide.
This category lists bundled software, with details about the software and updates available.

© 2019 McAfee LLC M01 - 286 McAfee LLC Confidential

 Using the Software Catalog
Download and check in licensed software

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 287

From the Software Catalog, you can download, check in, update, and remove managed product components from
your server.
To download and check in a product, complete these steps from the Software Catalog.

1. Select Menu > Software > Software Catalog to open the Software Catalog page.
2. In the Product Categories list, expand the product option that you are looking for.
3. In the table in the top right pane, select (highlight) a product, such as McAfee Endpoint Security 10.6.
4. In the bottom right pane, your options are:
 Check-in all: Check in all product components, listed in the product details pane, to the ePO server.
 Check in: Check in a specific product component.
 Download: Download product documentation to a location on your network.
 Remove: Uninstall a package or extension that is currently installed or checked into this server.
3. We want all McAfee Endpoint Security components, so select Check In All.
4. Review and accept the product details and End User License Agreement (EULA), then click OK.
5. An Activity In Progress page displays the progress.
6. After the process is complete, the software displays in the Checked In Software list.

© 2019 McAfee LLC M01 - 287 McAfee LLC Confidential

 Installing extensions manually
Previously downloaded (.zip)
Extensions provide tools for the products they represent, including default Policies, Client Tasks, Queries and
Dashboards. Adding an extension can also add a permission set definition, allowing non-administrators access
to the tools for the product.

Menu > Software > Extensions

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 288

If you previously downloaded product components (Example: for ENS extensions), you can install them manually.
This is a two-step process:
 Install extensions
 Check in deployment packages
Extension files for products or components are in a zip file.
To install an extension manually, complete these steps from the ePO console:
1. Select Menu > Software > Extensions to open the Extensions page.
2. In the bottom left corner, click Install Extension. The Install Extension dialog box appears.
3. Browse to and select the desired extension (ZIP) file. Place the extension file in a location that is accessible
to the client browser.
4. Click OK.

© 2019 McAfee LLC M01 - 288 McAfee LLC Confidential

 Verifying installed extensions

 Modules
 Remove

 Name  Status
 Version  Requires
 Installed by  Details

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 289

After the installation is complete, verify the product name appears in the Extensions list in the left page.
Select (highlight) the extension name in the left page (Example: Endpoint Security) to see information about it in
the right pane.

This information includes:

 Name: Lists the name the extension.
 Version: Specifies the version of the currently selected extension.
Note: Multiple versions of the same extension can be installed.
 Installed by: Specifies the user who installed the currently selected extension.
 Status: Identifies whether the extension was installed successfully. If it was not installed successfully, any
errors are identified.
 Requires: Specifies any extensions that the currently selected extension depends on.
 Details: Lists details of extension installation.
 Modules: Specifies the modules that are controlled by this extension and whether they are running. This is
valuable for troubleshooting.
 Remove: Removes the selected extension from the Extensions list.

© 2019 McAfee LLC M01 - 289 McAfee LLC Confidential

 Adding packages manually
Menu > Software > Master Repository
Packages added to the Master Repository include:
Updates and Installs for Product Software, Service
Packs, Plugins, Engines, DAT files and Content files
 Select zipped package (Do not unzip)
 Update as necessary

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 290

The ePO Master Repository:

 houses the required: software packages, extensions, data files, and updates.
 is physically located on the ePO server in the ePO software installation directory (\DB\Software).
 is always the primary repository for the ePO environment.
Note: As part of the deployment, you must check the package into the ePO Master Repository.

Complete these steps from the ePO console:

1. From the Menu page, select Software > Master Repository. The Master Repository page opens.
2. Click Check In Package. A corresponding page opens.
3. For Package type, make sure Product or Update (.ZIP) is selected.
4. Browse to and select the zipped package. Do not unzip the package.
5. Click Open.
6. On the Check In Package dialog, make sure the selected package displays in the text box and then click
Next.
7. Review the information about the package, including Name, Version, Type, and Language.
8. For Branch, make sure Current is selected.
9. Notice the package is signed.
10. Click Save.
11. Wait while the package is adding to the Master Repository. You are returned to the Master Repository
after the process is complete.
12. Locate the product in the list. Review key information, such as Status, Type, Version, Minor Version,
Language, Check-In Date, Signed by, and Branch.

© 2019 McAfee LLC M01 - 290 McAfee LLC Confidential

 Master Repository pages
Verifying Package Types
 The preset is for All Package Types

Menu > Software > Master Repository

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 291

After adding the required extensions and packages, verify the installation. From the menu page, select Software >
Extensions and then Software > Master Repository.

© 2019 McAfee LLC M01 - 291 McAfee LLC Confidential

 Product Deployment overview
Product Deployment Project: Client Task Catalog: Individually Installation URL:
Collection of tasks (fixed or created and managed client task Create a custom installation URL
continuous, stop, uninstall) objects and tasks

Menu > Policy >

Client Task Catalog

Menu > Software > Menu > Dashboards >

Product Deployment Getting Started with ePO
Menu > Software >
Master Repository
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 292

ePO simplifies the process of deploying security products to the managed systems in your network, by providing a
user interface to configure and schedule deployments.

There are three processes you can follow to deploy products using ePO:
 Product Deployment Projects: Streamline the deployment process by consolidating many of the steps
needed to create and manage product deployment tasks, individually. Provide more functionality than
client tasks.
Examples: The ability to run a deployment continuously, stop a deployment, and uninstall a previously
deployed product. (Requires ePO 5.0 or later.)
 Client Tasks: The Client Tasks Catalog applies the concept of logical objects to ePO client tasks. You can
create client task objects for a variety of purposes, without the need to assign them immediately. As a
result, you can treat these objects as reusable components when assigning and scheduling client tasks.
 Install with an installation URL: You can install the product on a local system with an installation URL.
You can create a custom installation URL and use it to install the client software on your own local system
or send it to end users to install the client software on their systems.

You can access the pages for using both methods from the Menu page.

 To create a client task, select Menu > Policy > Task Catalog.
 To create a deployment project, select Menu > Software > Product Deployment.
 To create a custom URL, select Menu > Dashboards, then select Getting Started with ePolicy
Orchestrator from the drop-down list.

The product modules installed on managed systems are listed under My Products. The default installation URL
appears underneath.

© 2019 McAfee LLC M01 - 292 McAfee LLC Confidential

 Example: Product Deployment client task
Enter the name of the task

Optionally, enter a description

Select all Select the products and components to

platforms where deploy when this task runs
packages are
deployed

Deselect, otherwise, the user has

the option to postpone the task.

Delay update How long the option to postpone

and deployment exists. Task begins once the
tasks threshold has passed.
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 293

Fields and Descriptions

 Task Name: Provide a name for the task.
 Description: An optional description of the task's purpose.
 Target platforms: Specifies all platforms where these packages are deployed.
 Products and components: Select the products and components to deploy when this task runs.
 If you do not see the product you want to deploy listed here, you must first check in that product’s
software package.
 Select Add (+) or Delete (-) to add or delete products from the list.
For each product:
 Specify the Action, Language, and Branch.
 Optionally, specify command-line update options by typing the desired command.
 Postpone Deployment dialog box (Windows systems only): Select Allow end users to postpone this
update to give the user the option to postpone the update.
Example: If users are in the middle of an important task, they can postpone the update to finish the task,
or at least close any open applications.
 Maximum number of postpones allowed: Specifies the number of times a user can postpone the
update. Default: 1.
 Option to postpone expires after (seconds): Specifies how long the option to postpone exists. Once this
threshold is passed, the update begins. Default: 20 seconds.
 Display this text: Specifies a message displayed in the Postpone Update dialog box.

© 2019 McAfee LLC M01 - 293 McAfee LLC Confidential

 Default ENS Client Deployment task
General information

Default name

Description

All that apply

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 294

The figure on this and the following pages shows the default ENS 10.5.x client deployment task. As discussed
earlier, you must supply a unique name. A description is optional.

For Targeted platforms, select all that apply.

© 2019 McAfee LLC M01 - 294 McAfee LLC Confidential

 Example Client Deployment task
Products and components

Default
modules that
apply

Note: The Endpoint Security Platform is not added by default.

It will be installed automatically with any of the other selected modules.

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 295

The figure shows the packages added to the deployment. If you duplicate this task or create you own ENS
deployment task, the products can be added in any order. You do not have to add the Endpoint Security Platform
to the list. It is installed by default. As you may note the default task does not have this product added to the task.
We do not want users to postpone the deployment. This is an individual organization’s preference.

Note: Only the packages that have been checked in to the Master Repository will show up in this list.

© 2019 McAfee LLC M01 - 295 McAfee LLC Confidential

 Viewing details for product deployments
Menu > User Management > Audit Log

Use the Quick find

box to filter your
results

Contains records of all product

deployments made from the
ePO console, using the
Product Deployment feature

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 296

Audit logs, from your deployment projects, contain records of all product deployments made from the console,
using the Product Deployment feature.
These audit log entries are displayed in a sortable table within the Deployment details area of the Product
Deployment page, as well as on the Audit Log page, which contains log entries from all auditable user actions. You
can use these logs to track, create, edit, duplicate, delete, and uninstall product deployments. Click a log entry to
display entry details.

© 2019 McAfee LLC M01 - 296 McAfee LLC Confidential

 Review: Client Task Catalog

 Assigned at any level in the System

Tree
 Inherited by groups and systems lower
in the tree
 Allows inheritance to be broken
 Can be shared across multiple
registered ePO servers
 Must be assigned to managed systems
 Can schedule to run immediately

Product Deployment client tasks deploy products to your managed systems from the Master Repository.
Product Update client tasks control when and how managed systems receive updates, when global updating is not used.

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 297

Another way to deploy software products is using the Client Task Catalog. Unlike product deployment projects, you
can use them with ePO releases prior to ePO 5.0.
Client tasks can be assigned at any level in the System Tree and are inherited by groups and systems lower in the
tree. As with policies and policy assignments, you can break the inheritance for an assigned client task.
Client task objects can be shared across multiple registered ePO servers in your environment. When client task
objects are set to be shared, each registered server receives a copy after your Share Client Task server task runs.
Any changes made to the task are updated each time it runs. When a client task object is shared, only the owner of
the object can modify its settings.
The extension files, installed on your McAfee ePO server, determine which client tasks are available. Client tasks
must be assigned to your managed systems.
Administrators on the target server that receives a shared task are not owners for that shared task. None of the
users on the target server are owners for any shared task objects the target receives.

Note: Deployment tasks are client tasks that are used to deploy managed security products to your managed
systems from the Master Repository.

Client update tasks control when and how managed systems receive update packages, when global updating is not
used. If you are not using global updating, client update tasks is the only way you can control client updating with
ePO software. If you use global updating, this task is not necessary, although you can create a daily task for
redundancy.

© 2019 McAfee LLC M01 - 297 McAfee LLC Confidential

 Review
Key points

√ ePO simplifies the process of deploying products to the managed systems in your network, by
providing a user interface to configure and schedule deployments
√ You can acquire the required software components from the McAfee Product Download Site
√ From the Software Catalog, you can download, check in, update, and remove managed product
components from your server
√ There are multiple processes you can follow to deploy products using ePO:
product deployment projects, client tasks, and URL

McAfee LLC Confidential 2019 McAfee Tech Forum Americas 298

This slide highlights key points for this module.

© 2019 McAfee LLC M01 - 298 McAfee LLC Confidential

 McAfee and the McAfee logo, and McAfee® ePolicy Orchestrator® (McAfee® ePO™) are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the US and other countries. Other
marks and brands may be claimed as the property of others. Copyright © 2019 McAfee LLC

McAfee Confidential. McAfee restricts the re-distribution of this training material to unauthorized audiences.

© 2019 McAfee LLC M01 - 299 McAfee LLC Confidential